[openssl-dev] Support for TLS SHA2-512?
Stefan.Neis at t-online.de
Stefan.Neis at t-online.de
Fri Sep 25 08:48:44 UTC 2015
Hi,
> Does OpenSSL support TLS with SHA2-512?
No, since there is no such thing as a TLS cipher suite with SHA512.
Cipher suites need to be registered and assigned IDs, so servers/clients
can exchange those IDs to announce what cipher suites they support.
And if you look at the probably most up-to-date list of currently registered
cipher suites at
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
you'll see that there simply is no cipher suite using SHA512.
The rational for this is that SHA-384 already offers the same level
of security as the 256 bit block ciphers do, so there's no point in using
longer hashes.
Regards,
Stefan
More information about the openssl-dev
mailing list