aes_cbc_hmac_sha1 implementation

Matt Caswell matt at openssl.org
Tue Feb 25 05:00:44 UTC 2020



On 24/02/2020 13:04, Phani 2004 wrote:
> Hi Team,
> 
> "aes_cbc_hmac_sha1" implementation is currently supported on x86
> platforms only.
> With which RFC is this compliant?
> This cipher is only used when the "encrypt then mac" option is disabled.
> Is this understanding correct? I am using openssl s_server and s_client
> if I use the below command on the client side.
> 
> openssl s_client -connect 10.29.20.26 -cipher ECDHE-RSA-AES128-SHA -tls1_
> 
> Is this correct?
> I have following queries:
> 
>  1. With which RFC is the current aes_cbc_hmac_sha1 implementation
>     compliant?

It's a cipher used by AES128 and HMAC-SHA1 based ciphersuites compliant
with TLSv1.2 (RFC5246) and earlier TLS protocol versions.

>  2. It always does "mac then encrypt". In fact this cipher is invoked
>     only when the "encrypt then mac" flag is disabled. Is this correct?

Correct. We always try to do encrypt-then-mac by default so s_client
talking to s_server from the same OpenSSL version should never use this
ciphersuite.

>  3. Is the cipher I used in the above s_client command correct?
> 

openssl s_client -connect 10.29.20.26 -cipher ECDHE-RSA-AES128-SHA -tls1_

The "-tls_" on the end is incorrect - that's not a valid flag. Perhaps
you meant "-no_tls1_3" which would be fine. That's still not sufficient
to guarantee usage of the aes_cbc_hmac_sha1 cipher though because
Encrypt-then-mac will always be preferred.

I don't think there is a command line option to s_client to force that
off, although you can do it through a config file using the
"EncryptThenMac" option.

Matt


> Thanks in advance.
> 
> Regards
> Phani
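As an added example (not part of the original thread and not OpenSSL's own documentation), here is an OpenSSL configuration file that turns off the "EncryptThenMac" option Matt refers to, so a test client negotiating ECDHE-RSA-AES128-SHA under TLSv1.2 falls back to mac-then-encrypt and actually exercises the aes_cbc_hmac_sha1 code path. The file name and the section names below are assumptions; the option name is the one from the thread.

```ini
# etm-off.cnf (assumed file name): applied by OpenSSL at start-up when
# OPENSSL_CONF points at this file, and fed to every SSL_CTX that the
# application (here s_client) creates via the system_default section.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# Disable the encrypt-then-mac extension (RFC 7366). Without it, the
# AES128-SHA family of CBC suites uses the mac-then-encrypt record
# layout, which is what the aes_cbc_hmac_sha1 cipher implements.
# For a production client this stays at the default (EtM enabled);
# use this file only for interoperability or regression testing.
Options = -EncryptThenMac
```

Point the client at it with `OPENSSL_CONF=./etm-off.cnf openssl s_client -connect 10.29.20.26 -cipher ECDHE-RSA-AES128-SHA -no_tls1_3`, with the server run from the same build; whether the cipher really falls back can be confirmed by checking that the server's ServerHello no longer carries the encrypt_then_mac extension in a packet capture.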

