[openssl-dev] [openssl.org #4141] GOST ciphersuites
Dmitry Belyavsky
beldmit at gmail.com
Mon Nov 16 20:33:34 UTC 2015
Dear Stephen,
On Mon, Nov 16, 2015 at 5:22 PM, Stephen Henson via RT <rt at openssl.org>
wrote:
> On Sun Nov 15 10:04:28 2015, beldmit at gmail.com wrote:
> > Hello!
> >
> > In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set
> > the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are
> not
> > usable with SSLv3, they require TLSv1.
> >
> > Could you turn the flag back for the GOST ciphersuites?
> >
>
> Does that commit break anything? It should not change the previous
> functionality in any way because we also had this in ssl_locl.h:
>
No, it does not break our tests.
>
> # define SSL_TLSV1 SSL_SSLV3/* for now */
>
> The subsequent commits change SSL_TLSV1 so it really disables ciphersuites
> in
> SSL v3 (before it didn't) and adds the flag to PSK+SHA2 ciphersuites, We
> can
> add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour
> from
> what it was before.
>
Usage of the GOST ciphersuites with the SSLv3 protocol is not specified, so
the change should not affect the GOST-related behaviour.
So I think it will be better for clarity.
Thank you!
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151116/de4fa810/attachment-0001.html>
More information about the openssl-dev
mailing list