[openssl-dev] Enabling AES-192 ciphers, how to expose DHE-RSA-AES192-GCM-SHA384
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Jan 9 19:25:50 UTC 2017
On Mon, Jan 09, 2017 at 07:57:43PM +0100, Leonard den Ottolander wrote:
> Considering that AES-192 seems to be very resistant against related key
> attacks (http://eprint.iacr.org/2009/317) and the algorithm is already
> available in the openssl code I am trying to expose the AES-192
> ciphers.
There are no AES-192 ciphersuites in the IANA TLS registry:
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
so these cannot (interoperably) be used with TLS.
> +/* AES-192 */
> + /* Cipher A8 */
> + {
> + 0, /* not implemented (non-ephemeral DH) */
> + TLS1_TXT_DH_DSS_WITH_AES_192_SHA256,
> + TLS1_CK_DH_DSS_WITH_AES_192_SHA256,
That codepoint is: TLS_PSK_WITH_AES_128_GCM_SHA256
> + /* Cipher A9 */
> + {
> + 0, /* not implemented (non-ephemeral DH) */
> + TLS1_TXT_DH_RSA_WITH_AES_192_SHA256,
> + TLS1_CK_DH_RSA_WITH_AES_192_SHA256,
That codepoint is: TLS_PSK_WITH_AES_256_GCM_SHA384
> + /* Cipher AA */
> + {
> + 1,
> + TLS1_TXT_DHE_DSS_WITH_AES_192_SHA256,
> + TLS1_CK_DHE_DSS_WITH_AES_192_SHA256,
Another conflict.
> + /* Cipher AB */
> + {
> + 1,
> + TLS1_TXT_DHE_RSA_WITH_AES_192_SHA256,
> + TLS1_CK_DHE_RSA_WITH_AES_192_SHA256,
Another conflict...
--
Viktor.
More information about the openssl-dev
mailing list