====== Differences ====== This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
soc:derekpryor [2006/07/10 14:16]
soc:derekpryor [2006/07/21 12:33] (current)
Line 5: Line 5:
 ---- ----
 +== Update (2006/​07/​21) ==
 +Have almost finished porting the MatrixSSL versions of SHA1 and MD5. (Just one function I have to track down). Going to work on RSA next and see how small we can get it. __Update__: I took a look at 3DES, and even though the code is large (due to constant arrays) it should be easy to port.   RSA is being a pain.
 +== Update (2006/​07/​17) ==
 +From openssl.org faq "​Typically you'll see a message saying there are no shared ciphers when the same setup works fine with an RSA certificate. There are two possible causes. The client may not support connections to DSA servers most web browsers (including Netscape and MSIE) only support connections to servers supporting RSA cipher suites. The other cause is that a set of DH parameters has not been supplied to the server."​ Because of this, I am going to look into the RSA algorithm and see how small it can be.
 +== Update (2006/​07/​16) ==
 +The CipherSuites that mod_ssl accepts depends on what algorithms openssl was compiled with. Then in httpd.conf there is a directive that specifies which algorithms to accepts, or reject, ​ and the default is to reject Anonymous DiffieHellman Suites. I will try to figure out which CipherSuites are avaliable on the default config.
 +== Update (2006/​07/​15) ==
 +News! CreateSSLHello is functional, creating a ssl client hello message that is accepted by any ssl server. Ran into a problem though. Based on size constraints I have selected 4 Cipher Suites that could be used with minimal space (SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,​ SSL_DH_DSS_WITH_DES_CBC_SHA,​ SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,​ SSL_DH_anon_WITH_RC4_128_MD5). The problem is these are not the most common Suites used,  for example my basic install of Apache with SSL enabled does not accept any of these. So either we select some more Suites or the server admins will have to enable more Suites. I will figure out how to add these Suites to Apache shortly and post some more information.
 == Update (2006/​07/​10) == == Update (2006/​07/​10) ==

QR Code
QR Code soc:derekpryor (generated for current page)