AES in ECB mode

anupama m anuavnd at gmail.com
Thu Nov 16 10:40:48 UTC 2023 

Hi Martin,

Thanks for your reply. Let me explore the NULL option.

Furthermore I found this in the mailing list -
https://marc.info/?l=openssl-users&m=133242427913068 where the user has
added support for some specific ciphersuites in openssl. Is it possible for
me to define a custom ciphersuite with this method which can do - "Kx -DH,
Au - None, Enc=AESECB, Mac=SHA256" that can serve my purpose. Will the
openssl-1.1.1 version be able to support this?

Thanks,
Anupama M


On Thu, Nov 16, 2023 at 2:09 PM Martin Bonner via openssl-users <
openssl-users at openssl.org> wrote:

> > I am aware that ECB mode is insecure and not recommended but I still want
> > to use it for internal test purposes.
>
> > Is there any way I can use AES in ECB mode in any of these below ciphers
> > (Anonymous ciphers):
>
> > ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
> > ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
> > ADH-AES256-SHA256       TLSv1.2 Kx=DH Au=None Enc=AES(256)  Mac=SHA256
> > ADH-CAMELLIA256-SHA256  TLSv1.2 Kx=DH Au=None Enc=Camellia(256)
> Mac=SHA256
> > ADH-AES128-SHA256       TLSv1.2 Kx=DH Au=None Enc=AES(128)  Mac=SHA256
> > ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH Au=None Enc=Camellia(128)
> Mac=SHA256
>
> I'm afraid not.  These are ciphers defined as part of the TLS standard,
> and were all intended to be secure at the time they were defined.
> If you want an insecure cipher, there is the NULL cipher.
>
> The GCM ones obviously can't do ECB because GCM is a different mode to ECB.
>
> The non-GCM ones still can't do ECB because they are actually defined to
> use CBC (which again, is a different mode).
>
> Also, the Camellia ones are defined to not use AES at all - they use the
> Camellia block cipher instead.
>
> --
> Martin Bonner
> Any email and files/attachments transmitted with it are intended solely
> for the use of the individual or entity to whom they are addressed. If this
> message has been sent to you in error, you must not copy, distribute or
> disclose of the information it contains. Please notify Entrust immediately
> and delete the message from your system.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231116/f997c149/attachment.htm>

More information about the openssl-users mailing list