RC4-MD5 cipher suites rep;acement
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
RC4-MD5 cipher suites rep;acement
by PoWah Wong
::
Rate this Message:
Is there some cipher suites more secure than SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) so that they should replace RC4-MD5?
__________________________________________________________________ Looking for the perfect gift? Give the gift of Flickr! http://www.flickr.com/gift/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
|
|
Re: RC4-MD5 cipher suites rep;acement
by Chris Clark
::
Rate this Message:
On 5/15/08, PoWah Wong <wong_powah@...> wrote:
> Is there some cipher suites more secure than SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) so that they should replace RC4-MD5? The AES 256-bit cipher suites are not only more secure then RC4, they are also much faster. :) -Chris ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
|
|
Re: RC4-MD5 cipher suites rep;acement
by PoWah Wong
::
Rate this Message:
--- On Thu, 5/15/08, Chris Clark <a.chris.clark@...> wrote:
> From: Chris Clark <a.chris.clark@...> > Subject: Re: RC4-MD5 cipher suites rep;acement > To: openssl-users@... > Received: Thursday, May 15, 2008, 11:22 AM > On 5/15/08, PoWah Wong <wong_powah@...> wrote: > > Is there some cipher suites more secure than > SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) so that they should > replace RC4-MD5? > > The AES 256-bit cipher suites are not only more secure then > RC4, they > are also much faster. :) > > -Chris > ______________________________________________________________________ There are a few AES 256-bit cipher suites. i.e. Use TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA) to replace SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) and TLS_DH_anon_WITH_AES_256_CBC_SHA (ADH-AES256-SHA) to replace SSL_DH_anon_WITH_RC4_128_MD5 (ADH-RC4-MD5), right? __________________________________________________________________ Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
|
|
Re: RC4-MD5 cipher suites rep;acement
by Chris Clark
::
Rate this Message:
On 5/15/08, PoWah Wong <wong_powah@...> wrote:
> Use TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA) to replace SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) > and TLS_DH_anon_WITH_AES_256_CBC_SHA (ADH-AES256-SHA) to replace > SSL_DH_anon_WITH_RC4_128_MD5 (ADH-RC4-MD5), right? I'm not clear on what your goal is, but if you are writing both the client and server applications that communicate only with each other then you would be fine supporting only specific cipher suites such as AES, but if you are writing only one end of it (client or server), then be aware that AES is not compatible with RC4, so your application would need to support at least one of the cipher suites which the other end requires. In the later case, if your application supports both AES and RC4, and if the other end supports AES the SSL handshake negotiation will select the better cipher AES, and if the other end only supports RC4 then it will be selected instead. -Chris ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
|
|
Re: RC4-MD5 cipher suites rep;acement
by PoWah Wong
::
Rate this Message:
--- On Thu, 5/15/08, Chris Clark <a.chris.clark@...> wrote:
> From: Chris Clark <a.chris.clark@...> > Subject: Re: RC4-MD5 cipher suites rep;acement > To: openssl-users@... > Received: Thursday, May 15, 2008, 1:46 PM > On 5/15/08, PoWah Wong <wong_powah@...> wrote: > > Use TLS_RSA_WITH_AES_256_CBC_SHA > (AES256-SHA) to replace SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) > > and TLS_DH_anon_WITH_AES_256_CBC_SHA (ADH-AES256-SHA) > to replace > > SSL_DH_anon_WITH_RC4_128_MD5 (ADH-RC4-MD5), right? > > I'm not clear on what your goal is, but if you are > writing both the > client and server applications that communicate only with > each other > then you would be fine supporting only specific cipher > suites such as > AES, but if you are writing only one end of it (client or > server), > then be aware that AES is not compatible with RC4, so your > application > would need to support at least one of the cipher suites > which the > other end requires. > > In the later case, if your application supports both AES > and RC4, and > if the other end supports AES the SSL handshake negotiation > will > select the better cipher AES, and if the other end only > supports RC4 > then it will be selected instead. > > -Chris > ______________________________________________________________________ However, I need to allow the users to use either one of the existing client and server applications. i.e. the users can upgrade either the client or server or both to use AES. Therefore the new client or server will support AES first, then RC4 second. __________________________________________________________________ Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
| Free Forum Powered by Nabble | Forum Help |