Hi Dr. Stephen Henson,
Thanks for your answer.
I know this cipher suite is rarely used however we do need this feature
and we do want to test it using openssl.
Do you happen to know how to get a DH certificate or how to generate a DH
certificate using openssl or other tools.
-Zyan
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org,
Date: 08/15/2013 07:26 PM
Subject:Re: Is RFC3268 extension supported in openssl?
Sent by:owner-openssl-us...@openssl.org
On Thu, Aug 15, 2013, Zyan Wu wrote:
From the documents of http://www.openssl.org/docs/apps/ciphers.html and
CHANGES with the source code, RFC3268 is stated to be supported.
But I cannot get the following ciphers by using openssl ciphers. (I have
used openssl1.0.1e and openssl0.9.8y)
TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA
Are they really supported or do I have to enable them when building
openssl?
Those web pages refer to the current development branch of OpenSSL so some
features (including these ciphersuites) may not be in all versions of
OpenSSL.
Those pareticular ciphersuites require the use of a DH certificate and are
only supported in unreleased OpenSSL 1.0.2 and the master branch. Very few
implementations support them, the ephemeral DH (EDH) ciphersuites are much
more common.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
