
List:       openssl-users
Subject:    Re: AES in ECB mode
From:       anupama m <anuavnd () gmail ! com>
Date:       2023-11-16 10:52:48
Message-ID: CAOh_ZKTJeiJ9bkm+ZW_T3NOaU_vPRNm-KJUmt6W+m56tPJTWRg () mail ! gmail ! com

Hi Martin,

Thanks for your reply. Let me explore the NULL option.

Furthermore, I found this in the mailing list -
https://marc.info/?l=openssl-users&m=133242427913068 where the user has
added support for some specific ciphersuites in openssl. Is it possible for
me to define a custom ciphersuite with this method which can do - "Kx -DH,
Au - None, Enc=AESECB, Mac=SHA256" that can serve my purpose? Will the
openssl-1.1.1 version be able to support this?

Thanks,
Anupama M


On Thu, Nov 16, 2023 at 2:09 PM Martin Bonner via openssl-users <
openssl-users@openssl.org> wrote:

> > I am aware that ECB mode is insecure and not recommended but I still want
> > to use it for internal test purposes.
>
> > Is there any way I can use AES in ECB mode in any of these below ciphers
> > (Anonymous ciphers):
>
> > ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
> > ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
> > ADH-AES256-SHA256       TLSv1.2 Kx=DH Au=None Enc=AES(256)  Mac=SHA256
> > ADH-CAMELLIA256-SHA256  TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
> > ADH-AES128-SHA256       TLSv1.2 Kx=DH Au=None Enc=AES(128)  Mac=SHA256
> > ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
>
> I'm afraid not.  These are ciphers defined as part of the TLS standard,
> and were all intended to be secure at the time they were defined.
> If you want an insecure cipher, there is the NULL cipher.
>
> The GCM ones obviously can't do ECB because GCM is a different mode to ECB.
>
> The non-GCM ones still can't do ECB because they are actually defined to
> use CBC (which again, is a different mode).
>
> Also, the Camellia ones are defined to not use AES at all - they use the
> Camellia block cipher instead.
>
> --
> Martin Bonner
>
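
The point made in the quoted reply, as an added example that is not part of the original thread: a small Python parser for `openssl ciphers -v` lines that derives the mode each suite actually uses (none is ECB) and flags anonymous or unencrypted suites, so test-only settings can be caught in a configuration audit. The NULL-SHA256 line is a constructed sample, and the names `suite_mode` and `audit` are illustrative.

```python
import re

# Sample `openssl ciphers -v` lines. The first three are suites quoted in the
# thread; the NULL-SHA256 line is a constructed sample in the same format.
SAMPLE = """\
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH  Au=None Enc=AESGCM(256)   Mac=AEAD
ADH-AES256-SHA256       TLSv1.2 Kx=DH  Au=None Enc=AES(256)      Mac=SHA256
ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH  Au=None Enc=Camellia(128) Mac=SHA256
NULL-SHA256             TLSv1.2 Kx=RSA Au=RSA  Enc=None          Mac=SHA256
"""

# Enc= value: algorithm name with an optional key size, e.g. "AESGCM(256)".
ENC_RE = re.compile(r"^(?P<alg>[A-Za-z0-9/]+?)(?:\((?P<bits>\d+)\))?$")


def suite_mode(enc_alg, mac):
    """Mode of operation implied by the Enc= and Mac= columns."""
    alg = enc_alg.upper()
    if alg == "NONE":
        return "NULL"            # integrity only, no encryption
    if mac == "AEAD":            # AEAD suites carry the mode in the Enc name
        return next((m for m in ("GCM", "CCM", "POLY1305") if m in alg), "AEAD")
    if alg.startswith("RC4"):
        return "stream"
    return "CBC"                 # AES/Camellia suites with an HMAC are CBC


def audit(listing):
    """Parse `openssl ciphers -v` text into one record per suite."""
    report = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue             # blank or malformed line
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        enc = ENC_RE.match(attrs.get("Enc", ""))
        if not enc or "Mac" not in attrs:
            continue
        flags = []
        if attrs.get("Au") == "None":
            flags.append("anonymous")        # no peer authentication
        if enc["alg"] == "None":
            flags.append("no-encryption")
        report.append({"suite": fields[0], "cipher": enc["alg"],
                       "mode": suite_mode(enc["alg"], attrs["Mac"]),
                       "flags": flags})
    return report


if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print(f"{rec['suite']:24} {rec['cipher']:10} {rec['mode']:6} {rec['flags']}")
```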
