2014-11-09 23:38 GMT+03:00 Miod Vallat <m...@online.fr>: > The libcrypto parts of the GOST ciphers have been commited, and barring > any objection from the usual LibreSSL suspects, will be enabled in the > not-so-far-away future. > > The libssl parts are still under consideration. I have one concern and > one question about them: > - I understand from the ``FIXME IANA'' comments that the various cipher > and extension IDs used by GOST are not official yet. Are these values > generally agreed upon by the websites which serve content using GOST > algorithms?
These values are provided as 'temporal private values till IANA provides registered values'. http://tc26.ru/methods/recommendation/%D0%A2%D0%9A26TLS.pdf page 12 (sorry, Russian only). > - Speaking of which, do you have any GOST-enabled websites we can use to > confirm interoperability? Yes. https://zakupki.gov.ru/ is compatible with -2001 version of standards. CryptoPro provides the following sites to test compatibility with -2012 version: http://tlsgost-2001auth.cryptopro.ru/ http://tlsgost-256auth.cryptopro.ru/ http://tlsgost-512auth.cryptopro.ru/ http://tlsgost-2001.cryptopro.ru/ http://tlsgost-256.cryptopro.ru/ http://tlsgost-512.cryptopro.ru/ Each of the sites contains buttons that will lead to ports :443, :1443, etc. (one per curve) to verify interoperability with their software. -- With best wishes Dmitry