ws-dd message
Subject: Issues 110 and 111 Ciphersuite Investigation



Preliminary Results of Ciphersuite Investigation

Differences between TLS versions:

From The Transport Layer Security (TLS) Protocol, Version 1.1, RFC 4346, April 2006:

        1.1. Differences from TLS 1.0

           This document is a revision of the TLS 1.0 [TLS1.0] protocol, and
           contains some small security improvements, clarifications, and
           editorial improvements.  The major changes are:

           -  The implicit Initialization Vector (IV) is replaced with an
              explicit IV to protect against CBC attacks [CBCATT].

           -  Handling of padding errors is changed to use the bad_record_mac
              alert rather than the decryption_failed alert to protect against
              CBC attacks.

           -  IANA registries are defined for protocol parameters.

           -  Premature closes no longer cause a session to be nonresumable.

           -  Additional informational notes were added for various new attacks
              on TLS.

           In addition, a number of minor clarifications and editorial
           improvements were made.


From The Transport Layer Security (TLS) Protocol, Version 1.2, RFC 5246, August 2008:

        1.2.  Major Differences from TLS 1.1

           This document is a revision of the TLS 1.1 [TLS1.1] protocol which
           contains improved flexibility, particularly for negotiation of
           cryptographic algorithms.  The major changes are:

           -  The MD5/SHA-1 combination in the pseudorandom function (PRF) has
              been replaced with cipher-suite-specified PRFs.  All cipher suites
              in this document use P_SHA256.

           -  The MD5/SHA-1 combination in the digitally-signed element has been
              replaced with a single hash.  Signed elements now include a field
              that explicitly specifies the hash algorithm used.

           -  Substantial cleanup to the client's and server's ability to
              specify which hash and signature algorithms they will accept.
              Note that this also relaxes some of the constraints on signature
              and hash algorithms from previous versions of TLS.

           -  Addition of support for authenticated encryption with additional
              data modes.

           -  TLS Extensions definition and AES Cipher Suites were merged in
              from external [TLSEXT] and [TLSAES].

           -  Tighter checking of EncryptedPreMasterSecret version numbers.

           -  Tightened up a number of requirements.

           -  Verify_data length now depends on the cipher suite (default is
              still 12).

           -  Cleaned up description of Bleichenbacher/Klima attack defenses.

           -  Alerts MUST now be sent in many cases.

           -  After a certificate_request, if no certificates are available,
              clients now MUST send an empty certificate list.

           -  TLS_RSA_WITH_AES_128_CBC_SHA is now the mandatory to implement
              cipher suite.

           -  Added HMAC-SHA256 cipher suites.

           -  Removed IDEA and DES cipher suites.  They are now deprecated and
              will be documented in a separate document.

           -  Support for the SSLv2 backward-compatible hello is now a MAY, not
              a SHOULD, with sending it a SHOULD NOT.  Support will probably
              become a SHOULD NOT in the future.

           -  Added limited "fall-through" to the presentation language to allow
              multiple case arms to have the same encoding.

           -  Added an Implementation Pitfalls section

           -  The usual clarifications and editorial work.
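The first TLS 1.2 change quoted above (the MD5/SHA-1 PRF replaced by a cipher-suite-specified PRF, P_SHA256 for every suite in RFC 5246) is easiest to see with both constructions side by side. The following is an added example written for this page, not code from the message or from OASIS; it implements P_hash, the RFC 2246 PRF (P_MD5 XOR P_SHA1 over the two halves of the secret) and the RFC 5246 PRF, and derives a master secret with each. The pre-master secret and random values are constructed demo inputs, and the `master_secret` helper and its version tuple are this example's own names.

```python
"""TLS PRF before and after TLS 1.2, from the definitions in RFC 2246
section 5 (MD5/SHA-1 combination) and RFC 5246 section 5 (P_SHA256)."""
import hashlib
import hmac


def p_hash(hash_name, secret, seed, out_len):
    """P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
    HMAC_hash(secret, A(2) + seed) + ...  with A(0) = seed and
    A(i) = HMAC_hash(secret, A(i-1)); the stream is cut to out_len bytes."""
    digestmod = getattr(hashlib, hash_name)
    output = b""
    a = seed                                                   # A(0)
    while len(output) < out_len:
        a = hmac.new(secret, a, digestmod).digest()            # A(i)
        output += hmac.new(secret, a + seed, digestmod).digest()
    return output[:out_len]


def prf_tls10(secret, label, seed, out_len):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XORed with
    P_SHA1 over the second half (the halves overlap by one byte when the
    secret length is odd, as RFC 2246 specifies)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_stream = p_hash("md5", s1, label + seed, out_len)
    sha1_stream = p_hash("sha1", s2, label + seed, out_len)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def prf_tls12(secret, label, seed, out_len, hash_name="sha256"):
    """TLS 1.2 PRF: a single P_hash keyed with the whole secret, using the
    hash the cipher suite specifies (P_SHA256 for all RFC 5246 suites)."""
    return p_hash(hash_name, secret, label + seed, out_len)


def master_secret(pre_master_secret, client_random, server_random, version):
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47]; the PRF is picked by
    the negotiated version, given here as a (major, minor) tuple where
    (3, 3) is TLS 1.2 (helper and version encoding are this example's)."""
    prf = prf_tls12 if version >= (3, 3) else prf_tls10
    return prf(pre_master_secret, b"master secret",
               client_random + server_random, 48)


# Constructed demo inputs, not data from a real handshake.
DEMO_PMS = bytes(range(48))
DEMO_CLIENT_RANDOM = b"\x11" * 32
DEMO_SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    for version, name in (((3, 2), "TLS 1.1"), ((3, 3), "TLS 1.2")):
        ms = master_secret(DEMO_PMS, DEMO_CLIENT_RANDOM, DEMO_SERVER_RANDOM, version)
        print(f"{name} master secret: {ms.hex()}")
```

The practical consequence for a stack that must interoperate across versions is visible in `master_secret`: the same pre-master secret and randoms yield different master secrets under TLS 1.1 and TLS 1.2, so a peer that negotiates 1.2 but keeps the old MD5/SHA-1 PRF will fail the Finished check even though the cipher suite names did not change.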
Browser Supported Ciphersuites:

Safari v3.2 Ciphersuites (claims support for TLSv1.0)

            Cipher Suites (19 suites)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
                Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
                Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
                Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
                Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
                Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)

Camino v1.6.5 Ciphersuites (claims support for TLSv1.0)

            Cipher Suites (28 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
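The two lists above are the raw material for the question the investigation is asking, which suites a WS-DD implementation can require and still interoperate with common clients. The script below is an added example written for this page, not code from the message or from OASIS. It parses the `Cipher Suite: NAME (0xNNNN)` lines as they appear in the message, grades each suite (export-grade, DES/RC2/RC4 or MD5-MAC suites as weak, 3DES as legacy, the rest as acceptable), notes whether the key exchange gives forward secrecy, checks for the TLS 1.2 mandatory suite, and computes the acceptable suites two clients have in common. The Safari list is copied from this message; the Camino list is a short excerpt of the one above; the grading thresholds and all function names are this example's own choices.

```python
"""Grade the cipher suites a client offers, from Wireshark-style
'Cipher Suite: NAME (0xNNNN)' lines like the ones in this message."""
import re
from collections import Counter

SUITE_RE = re.compile(r"Cipher Suite:\s*([A-Z0-9_]+)\s*\((0x[0-9a-fA-F]{4})\)")

# Grading policy chosen for this example, not something the message states.
WEAK_CIPHERS = {"NULL", "DES", "DES40", "RC2", "RC4"}
LEGACY_CIPHERS = {"3DES"}          # 64-bit block, slow, but not broken like DES
WEAK_MACS = {"MD5"}
FS_KEY_EXCHANGE = {"DHE", "ECDHE"}  # ephemeral key exchange gives forward secrecy
TLS12_MANDATORY = "TLS_RSA_WITH_AES_128_CBC_SHA"   # RFC 5246 section 9

# Safari 3.2 list, copied from this message.
SAFARI_32 = """\
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
"""

# Excerpt (first lines and a few later ones) of the Camino 1.6.5 list above.
CAMINO_165_EXCERPT = """\
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
"""


def parse_suites(text):
    """Return [(name, code)] for every suite line in text; code is an int."""
    return [(m.group(1), int(m.group(2), 16)) for m in SUITE_RE.finditer(text)]


def classify(name):
    """Return (grade, forward_secrecy); grade is 'weak', 'legacy' or 'acceptable'."""
    kx_auth, _, cipher_mac = name.partition("_WITH_")
    kx_parts = kx_auth.split("_")[1:]          # drop the TLS_/SSL_ prefix
    cm_parts = cipher_mac.split("_")
    cipher, mac = cm_parts[0], cm_parts[-1]    # e.g. "AES" ... "SHA"
    forward_secrecy = kx_parts[0] in FS_KEY_EXCHANGE
    if "EXPORT" in kx_parts or cipher in WEAK_CIPHERS or mac in WEAK_MACS:
        grade = "weak"
    elif cipher in LEGACY_CIPHERS:
        grade = "legacy"
    else:
        grade = "acceptable"
    return grade, forward_secrecy


def summarize(text):
    """Count suites per grade and check for the TLS 1.2 mandatory suite."""
    suites = parse_suites(text)
    grades, fs_acceptable = Counter(), 0
    for name, _ in suites:
        grade, fs = classify(name)
        grades[grade] += 1
        fs_acceptable += grade == "acceptable" and fs
    return {"total": len(suites), "weak": grades["weak"],
            "legacy": grades["legacy"], "acceptable": grades["acceptable"],
            "acceptable_with_forward_secrecy": fs_acceptable,
            "has_tls12_mandatory": TLS12_MANDATORY in {n for n, _ in suites}}


def common_acceptable(*texts):
    """Names of acceptable suites offered by every client, ordered by code."""
    by_code, offered = {}, []
    for text in texts:
        codes = set()
        for name, code in parse_suites(text):
            if classify(name)[0] == "acceptable":
                codes.add(code)
                by_code[code] = name
        offered.append(codes)
    return [by_code[c] for c in sorted(set.intersection(*offered))]


if __name__ == "__main__":
    print("Safari 3.2:", summarize(SAFARI_32))
    print("Common acceptable:", common_acceptable(SAFARI_32, CAMINO_165_EXCERPT))
```

Run against the Safari list, `summarize` reports that ten of the nineteen offered suites are export-grade, single-DES, RC4 or MD5-based, which is why a profile that simply says "TLS 1.0" gives no assurance about the strength actually negotiated; the useful output of the investigation is the `common_acceptable` set, the suites a WS-DD profile can mandate and every listed client will still offer.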


dhw

David H. Whitehead
Development Engineer
Lexmark International, Inc.
859.825.4914
davidatlexmarkdotcom