[openssl-dev] [openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA
Hubert Kario via RT
rt at openssl.org
Tue Jul 21 12:00:51 UTC 2015
On Tuesday 14 July 2015 08:36:51 David Thompson via RT wrote:
> > From: openssl-dev On Behalf Of James A. T. Rice via RT
> > Sent: Saturday, July 11, 2015 17:19
> >
> > From https://www.ietf.org/rfc/rfc4346.txt
> >
> > CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
> >
> > From https://www.openssl.org/docs/apps/ciphers.html
> >
> > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
> >
> > From ‘openssl ciphers -V | grep 0x16’
> >
> > 0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA
> >
> > Enc=3DES(168) Mac=SHA1
> >
> > DHE-RSA-DES-CBC3-SHA (on the website) vs
> > EDH-RSA-DES-CBC3-SHA (actually usuable)
>
> OpenSSL used nonstandard spelling EDH for 6 old suites;
> 1.0.2 (post-beta) added "correct" spelling DHE as an alias.
> Website doc is for current (development) version; doc for
> older versions is included in the tarballs for those versions.
given that situations like this come up relatively often, maybe publishing man
pages for all supported versions with a drop down to switch between them[1]
would be a good idea...
1 - python docs style: https://docs.python.org/2/library/subprocess.html see
top left
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150721/e5da0d19/attachment.sig>
More information about the openssl-dev
mailing list