Strength bits for integrity-only cipher suites #22987
Closed
rajeev-0
started this conversation in
General Discussion
Replies: 2 comments
-
This is debatable - one option would be to set it based on the hash function strength. The other option would be to set it to zero. I am not sure what would be the implications of these choices. @mattcaswell might have an opinion which would be more appropriate. |
Beta Was this translation helpful? Give feedback.
0 replies
-
All existing integrity-only cipher suites (i.e. the TLSv1.2 ones) set 0 for the strength bits - so i think we should do the same for the TLSv1.3 ones. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am implementing integrity-only cipher suites (RFC9150) in OpenSSL 3.3 (#22903) where I need to provide the strength bits value for TLS_SHA256_SHA256 (uses HMAC-SHA256) & TLS_SHA384_SHA384 (uses HMAC-SHA384).
I am not sure how these strength bits values are derived. For integrity-only cipher, there is no encryption and only using HMAC.
I need help understanding the values which could be set for
strength_bits
for TLS_SHA256_SHA256 and TLS_SHA384_SHA384?Beta Was this translation helpful? Give feedback.
All reactions