Hi All,

In response to an earlier question of mine asking for clarification of
whether AES 128 was supported, Bill Fenner said:

AES128 support is described in RFC3826, and SHA2 support is described in
RFC7630.

...

Yes, when the tools refer to AES, they are referring to AES as described in
RFC3826.



>Is it the case that SHA1 and MD5 are the only supported hash algorithms?

Yes, the algorithms from RFC3414



4 days later Wes Hardaker kindly volunteered to implement the newer SHA
versions.



Looking in the changelog I spotted SHA 2 and 3 seem to be supported.
There's a mention in a changelog entry for 5.7.3.pre5:



commit 7ecfd3ede19e9c2218c9bf5959c095ce9fa6c8ab
Author: Brian Sipos <bsipos...@users.sourceforge.net>
Date:   Wed Aug 6 10:30:54 2014 -0700

    Fix detection of sha224 and sha384, patch from Brian Sipos

    https://sourceforge.net/p/net-snmp/bugs/2564/

    Luckily nobody's needed to build using an OpenSSL version
    that doesn't support sha224 or sha384, since the inversion
    of the test here would try to use sha224/sha384 support only
    on OpenSSL versions that don't support them!



OpenSSL looks to have supported SHA2 since 0.9.8o:



Changes between 0.9.8n and 0.9.8o [01 Jun 2010]

  [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
  OpenSSL 1.0.0.]

  *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
     common in certificates and some applications which only call
     SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
     [Steve Henson]



https://www.openssl.org/news/cl098.txt



The readme in snmplib/openssl says:

This directory contains modified crypto code from OpenSSL 1.0.0.beta5.



It therefore seems that only SHA1 and MD5 are supported when compiling
using the --with-openssl=internal flag, but it seems SHA2 and 3 would be
supported when compiling with a newer OpenSSL version?



If my understanding is correct and this is the case, I think it'd provide a
useful footnote to the Strong Authentication or Encryption wiki page.





Thanks,

Mark
