On Tue, Aug 07, 2012, Jeffrey Walton wrote: > Hi Doctor Henson, > > On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > > On Mon, Aug 06, 2012, Jakob Bohm wrote: > > > >> > >> Much (maybe all, I don't know) of suite B is probable in OpenSSL > >> 1.0.1 too, but I don't have an algorithm by algorithm breakdown > >> of inclusion status, others on this list probably have such a > >> list. > >> > > > > All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of > > the suite B standards (e.g. RFC 6460) include additional requirements which > > aren't currently enforced by OpenSSL. > > > Out of curiousity, what is OpenSSL using in place of MQV? A hardened > version (HMQV or FHMQV)? Or is it speciifed in one of the other > documents? >
Ah it doesn't support MQV. It supports the necessary algorithms for some suite B standards such as RFC6460 (ECDH, ECDSA, SHA256, SHA384 and AES-GCM). As I mentioned in the other message it doesn't yet support all the additional suite B requirements. For example you can only sign using ECDSA+SHA256 with P-256 curves whereas you can use any digest with OpenSSL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org