Re: DSS cipherspecs ...
Dr Stephen Henson [EMAIL PROTECTED]: [...] The SSL spec isn't clear on the format of the DSS signature. I hadn't noticed that problem -- the TLS RFC does have an explicit definition ("hashing [...] produces two values, r and s. The DSS signature is an opaque vector [...] the contents of which are the DER encoding of [...]"). Which leads to the question: Are there any browsers that are not based on SSLeay/OpenSSL and support TLS 1.0? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: DSS cipherspecs ...
Bodo Moeller wrote: Dr Stephen Henson [EMAIL PROTECTED]: [...] The SSL spec isn't clear on the format of the DSS signature. I hadn't noticed that problem -- the TLS RFC does have an explicit definition ("hashing [...] produces two values, r and s. The DSS signature is an opaque vector [...] the contents of which are the DER encoding of [...]"). Unfortunately the SSL spec isn't so clear. The three formats in use are: 1. OpenSSL/SSLeay: DSS-sig structure with outer length parameter. 2. Sun HotJava: DSS-sig but without length parameter. 3. Netscape: 40 byte raw encoding of r and s with length parameter. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: DSS cipherspecs ...
On Wed, Mar 31, 1999 at 02:15:23PM +, Dr Stephen Henson wrote: Bodo Moeller wrote: Dr Stephen Henson [EMAIL PROTECTED]: The SSL spec isn't clear on the format of the DSS signature. I hadn't noticed that problem -- the TLS RFC does have an explicit definition ("hashing [...] produces two values, r and s. The DSS signature is an opaque vector [...] the contents of which are the DER encoding of [...]"). Unfortunately the SSL spec isn't so clear. The three formats in use are: 1. OpenSSL/SSLeay: DSS-sig structure with outer length parameter. 2. Sun HotJava: DSS-sig but without length parameter. 3. Netscape: 40 byte raw encoding of r and s with length parameter. Case 1 being exactly what RFC 2246 asks for, right? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]