Re: DSS cipherspecs ...

1999-03-31 Thread Bodo Moeller

Dr Stephen Henson [EMAIL PROTECTED]:

[...]
> The SSL spec isn't clear on the format of the DSS signature.

I hadn't noticed that problem -- the TLS RFC does have an explicit
definition ("hashing [...] produces two values, r and s. The DSS
signature is an opaque vector [...] the contents of which are the DER
encoding of [...]").  Which leads to the question: Are there any
browsers that are not based on SSLeay/OpenSSL and support TLS 1.0?
__
OpenSSL Project             http://www.openssl.org
User Support Mailing List   [EMAIL PROTECTED]
Automated List Manager      [EMAIL PROTECTED]



Re: DSS cipherspecs ...

1999-03-31 Thread Dr Stephen Henson

Bodo Moeller wrote:
 
> Dr Stephen Henson [EMAIL PROTECTED]:
>
> [...]
>> The SSL spec isn't clear on the format of the DSS signature.
>
> I hadn't noticed that problem -- the TLS RFC does have an explicit
> definition ("hashing [...] produces two values, r and s. The DSS
> signature is an opaque vector [...] the contents of which are the DER
> encoding of [...]").

Unfortunately the SSL spec isn't so clear. The three formats in use are:

1. OpenSSL/SSLeay: DSS-sig structure with outer length parameter.
2. Sun HotJava: DSS-sig but without length parameter.
3. Netscape: 40 byte raw encoding of r and s with length parameter.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.





Re: DSS cipherspecs ...

1999-03-31 Thread Bodo Moeller

On Wed, Mar 31, 1999 at 02:15:23PM +, Dr Stephen Henson wrote:
> Bodo Moeller wrote:
>> Dr Stephen Henson [EMAIL PROTECTED]:

>>> The SSL spec isn't clear on the format of the DSS signature.

>> I hadn't noticed that problem -- the TLS RFC does have an explicit
>> definition ("hashing [...] produces two values, r and s. The DSS
>> signature is an opaque vector [...] the contents of which are the DER
>> encoding of [...]").

> Unfortunately the SSL spec isn't so clear. The three formats in use are:

> 1. OpenSSL/SSLeay: DSS-sig structure with outer length parameter.
> 2. Sun HotJava: DSS-sig but without length parameter.
> 3. Netscape: 40 byte raw encoding of r and s with length parameter.

Case 1 being exactly what RFC 2246 asks for, right?
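
The three encodings listed in the thread, as an added example that is not part of the original messages and is not OpenSSL code: a strict decoder that tells them apart and recovers r and s. It assumes the "length parameter" is a 2-byte big-endian prefix and that r and s are 160-bit values; the format labels and the sample values are constructed for illustration.

```python
# Added example (not OpenSSL code). Assumptions: the "length parameter" is a
# 2-byte big-endian prefix, r and s are 160-bit, format labels are made up.
def _der_int(buf, pos):
    """Parse one minimal, non-negative DER INTEGER; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    n = buf[pos + 1]
    body = buf[pos + 2:pos + 2 + n]
    if n == 0 or n >= 0x80 or len(body) != n or body[0] & 0x80:
        raise ValueError("bad INTEGER")
    if n > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big"), pos + 2 + n

def parse_dss_sig(buf):
    """Strictly parse DER SEQUENCE { INTEGER r, INTEGER s } (short-form length)."""
    if len(buf) < 2 or buf[0] != 0x30 or buf[1] >= 0x80 or buf[1] != len(buf) - 2:
        raise ValueError("not a DSS-sig SEQUENCE")
    r, pos = _der_int(buf, 2)
    s, pos = _der_int(buf, pos)
    if pos != len(buf):
        raise ValueError("trailing bytes")
    return r, s

def classify(field):
    """Return (label, r, s) for a signature field; ValueError if none fits."""
    if len(field) >= 2 and int.from_bytes(field[:2], "big") == len(field) - 2:
        body = field[2:]
        try:
            return ("der+length",) + parse_dss_sig(body)   # format 1
        except ValueError:
            if len(body) == 40:                              # format 3
                return ("raw40+length", int.from_bytes(body[:20], "big"),
                        int.from_bytes(body[20:], "big"))
    return ("der",) + parse_dss_sig(field)                   # format 2

def _enc_int(v):
    b = v.to_bytes(v.bit_length() // 8 + 1, "big")  # extra byte keeps it positive
    return bytes([0x02, len(b)]) + b

# Constructed sample values, not taken from any real handshake.
R = int.from_bytes(bytes(range(0x81, 0x95)), "big")
S = int.from_bytes(bytes(range(0x01, 0x15)), "big")
_BODY = _enc_int(R) + _enc_int(S)
DER = bytes([0x30, len(_BODY)]) + _BODY
SAMPLES = {
    "der+length": len(DER).to_bytes(2, "big") + DER,
    "der": DER,
    "raw40+length": b"\x00\x28" + R.to_bytes(20, "big") + S.to_bytes(20, "big"),
}
```

The DER form is tried before the raw form because a 40-byte raw body can begin with 0x30 by chance; the strict length and INTEGER checks make a false DER match very unlikely, but not impossible.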