[Ach] Issue with OpenSSL >0.9.8l <1.0.0

Torsten Gigler torsten.gigler at owasp.org
Fri Apr 25 17:05:37 CEST 2014


Hi Aaron,

2014-04-25 16:39 GMT+02:00 Aaron Zauner <azet at azet.org>:

>
> Torsten Gigler wrote:
> > Hi
> > Remarks:
> > - I changed the order of the ciphers (= Priority of the ciphers a server
> > chooses, if 'Server Order' is set),
> > - excluded '0x00,0x33 - DHE-RSA-AES128-SHA' to protect against a possible
> > incompatibility for JAVA6+7 & DH-Keys >1024bits
> > - added '0x00,0x9D - AES256-GCM-SHA384' and '0x00,0x9C -
> > AES128-GCM-SHA256' (is there any reason why they weren't included before?
> Ah, didn't see that.
>
> What is the issue with Java and AES128? Shouldn't that be the same issue
> with AES256?
>
0x00,0x39 - DHE-RSA-AES256-SHA is not supported by them, so they can't have
issues with it ;-)
https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=6u45
https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=7u25

Kind regards
Torsten


> Aaron
>
>