well, i realised i couldn't answer the question seriously... what is ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to google chrome and firefox accepting it (a grep of openssl 1.0.1e fails to find it). does any server actually provide it? if so, what mode does it use (EDE is saying something about DES - how to build 3DES from DES - rather than giving a mode, isn't it?)?
andrew On Fri, Dec 13, 2013 at 08:51:44PM +0100, Erwann Abalea wrote: > Don't regret it, it wasn't that bad ;) > > -- > Erwann ABALEA > > Le 13/12/2013 20:39, andrew cooke a écrit : > >sorry, that was a bad joke i now regret sending. andrew > > > >On Fri, Dec 13, 2013 at 04:01:23PM -0300, Andrew Cooke wrote: > >>it dpends how many characters differ when sorted. > >> > >>in this case: > >> > >>ECDHE-ECDSA-DES-CBC3-SHA -> ----3AABCCCCDDDEEEEHHSSS > >> * *** ** > >>ECDHE-ECDSA-3DES-EDE-SHA -> ----3AACCDDDDEEEEEEHHSSS > >> > >>you can see (marked by *) that 6 characters don't match. > >> > >>now 6 is a triangular number, but the length of the entire cipher suite is > >>24, > >>which isn't triangule (the closest is 21). > >> > >>so they're only going to inter-operate on tuesdays. > >> > >>andrew > >> > >> > >>On Fri, Dec 13, 2013 at 07:30:02PM +0100, Walter H. wrote: > >>>On 12.12.2013 14:16, Erwann Abalea wrote: > >>>>It's not strange. > >>>>You removed the RSA-* from client side, the result is that the > >>>>server can't match anything in common between what the client > >>>>proposed and what the server accepts. The error you get has been > >>>>sent by the server. > >>>> > >>>The server is capable of ciphers DHE-* and others; > >>>the list is quite longer than the avaiable ciphers of the client ..., > >>> so I think this is quite strange ... > >>> > >>>openssl ciphers -V > >>> > >>>shows e.g. ECDHE-ECDSA-DES-CBC3-SHA > >>>the site https://cc.dcsec.uni-hannover.de/ shows this: > >>>ECDHE-ECDSA-3DES-EDE-SHA > >>> > >>>are these the same cipher suites but two confusing names? > >>> > >>>Walter > >>> > >>> > >>> > >> > >______________________________________________________________________ > >OpenSSL Project http://www.openssl.org > >User Support Mailing List openssl-users@openssl.org > >Automated List Manager majord...@openssl.org > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
