aes_cbc_hmac_sha1 implementation

Phani 2004 phani2004 at gmail.com
Wed Feb 26 07:59:01 UTC 2020


Thanks for the quick response Matt.

My command was:
openssl s_client -connect 10.29.20.26 -cipher ECDHE-RSA-AES128-SHA -tls1_2.
I did not realise that "2" was not copied.

I am trying to implement combined algo support on our engine.
I am using the openssl s_server and s_client apps to validate my
implementation.
The combined algo that I am looking to implement is AES128/256 and SHA1.
It's clear that I should always use a TLS version less than 1.3, otherwise GCM
ciphers are used.

What cipher suites can I use to validate the above combination of combined
algo?
Which TLS versions support which cipher suites?
Should I be doing "encrypt-then-mac" or "mac-then-encrypt" in my
implementation?
Does the cipher suite decide this?
If yes, what are the ciphers which do "encrypt-then-mac" and what ciphers
do "mac-then-encrypt"?

Thanks in advance.

Regards
Phani

On Tue, Feb 25, 2020 at 10:31 AM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 24/02/2020 13:04, Phani 2004 wrote:
> > Hi Team,
> >
> > "aes_cbc_hmac_sha1" implementation is currently supported on x86
> > platforms only.
> > With which RFC is this compliant with?
> > This cipher is only used when the "encrypt then mac" option is disabled.
> > Is this understanding correct. I am using openssl s_server and s_client
> > is i use the below command on client side.
> >
> > openssl s_client -connect 10.29.20.26 -cipher ECDHE-RSA-AES128-SHA -tls1_
> >
> > Is this correct?
> > I have following queries:
> >
> >  1. With which RFC is the current aes_cbc_hmac_sha1 implementation
> >     compliant with?
>
> It's a cipher used by AES128 and HMAC-SHA1 based ciphersuites compliant
> with TLSv1.2 (RFC5246) and earlier TLS protocol versions.
>
> >  2. It always does "mac then encrypt". In fact this cipher is invoked
> >     only when "encrypt then mac" flag is disabled. Is this correct?
>
> Correct. We always try to do encrypt-then-mac by default so s_client
> talking to s_server from the same OpenSSL version should never use this
> ciphersuite.
>
> >  3. Is the cipher i used in above s_client command correct?
> >
>
> openssl s_client -connect 10.29.20.26 -cipher ECDHE-RSA-AES128-SHA -tls1_
>
> The "-tls_" on the end is incorrect - that's not a valid flag. Perhaps
> you meant "-no_tls1_3" which would be fine. That's still not sufficient
> to guarantee usage of the aes_cbc_hmac_sha1 cipher though because
> Encrypt-then-mac will always be preferred.
>
> I don't think there is a command line option to s_client to force that
> off, although you can do it through a config file using the
> "EncryptThenMac" option.
>
> Matt
>
>
> > Thanks in advance.
> >
> > Regards
> > Phani
>
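The config-file route Matt describes, as an added example that is not part of the thread or of OpenSSL's own code: shell functions that write a config clearing `EncryptThenMac`, run the s_client command from the thread with it, and check the `-tlsextdebug` output for the encrypt_then_mac extension (id 22, RFC 7366). The function names, section names and sample output lines are constructed for illustration, and the `TLS server extension ... (id=N)` line format is an assumption about s_client's `-tlsextdebug` output.

```shell
#!/bin/sh
# Added example: disable encrypt-then-MAC through an OpenSSL config file so a
# CBC + HMAC-SHA1 suite is processed MAC-then-encrypt.

# Write a minimal config file. The section names are arbitrary labels.
write_mte_conf() {
    conf_path=$1
    cat > "$conf_path" <<'EOF'
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# A leading "-" clears the option, i.e. sets SSL_OP_NO_ENCRYPT_THEN_MAC
Options = -EncryptThenMac
EOF
}

# Run the thread's s_client command with that config (needs a reachable
# server; "host" is host:port of the s_server under test).
run_client() {
    conf_path=$1; host=$2
    OPENSSL_CONF=$conf_path openssl s_client -connect "$host" \
        -cipher ECDHE-RSA-AES128-SHA -tls1_2 -tlsextdebug </dev/null 2>&1
}

# Reads s_client output on stdin. Exit 0 if the server echoed extension 22
# (encrypt_then_mac), meaning EtM was negotiated; exit 1 otherwise.
etm_negotiated() {
    grep -q 'TLS server extension.*(id=22)'
}

# Constructed sample lines in the assumed -tlsextdebug format.
SAMPLE_ETM='TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "encrypt then mac" (id=22), len=0'
SAMPLE_MTE='TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "extended master secret" (id=23), len=0'
```

Typical use is `write_mte_conf /tmp/mte.cnf` followed by `run_client /tmp/mte.cnf host:port | etm_negotiated`; a non-zero exit means the handshake fell back to MAC-then-encrypt.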