beautypg.com

Ssl version 3 cipher suites – Zilog EZ80F91AZA User Manual


UM020107-1211

ZTP Network Security SSL Plug-In

User Manual


When SSLv2 was drafted, U.S. export laws restricted the length of encryption keys
to 40 bits and public keys to 512 bits. Therefore, when longer keys are exchanged, only
40 bits of the key can be encrypted; the remainder of the key must be sent in clear text.
Similarly, the public key size used in export cipher suites must be restricted to 512 bits
or less.

SSL Version 3 Cipher Suites

The cipher suites defined in the SSLv3 and TLSv1 specifications are nearly identical. The
only significant difference is that the SSLv3 specification included support for the
Fortezza key exchange algorithm, which is not included in the TLSv1 specification.
Otherwise, the only difference is that all SSLv3 cipher suites use SSL as the first three
characters of the cipher suite mnemonic, while TLSv1 cipher suites use TLS. Therefore, the
SSLv3 cipher suite SSL_RSA_WITH_RC4_128_MD5 is identical to the TLSv1 cipher suite
TLS_RSA_WITH_RC4_128_MD5.

Table 9 shows the cipher suites defined in the SSL version 3 specification and indicates
which of them are supported by the ZTP Network Security SSL Plug-In.

Table 9. SSLv3 Cipher Suites

Cipher Suite Mnemonic                   Supported?
SSL_RSA_WITH_NULL_MD5                   Yes
SSL_RSA_WITH_NULL_SHA                   Yes
SSL_RSA_EXPORT_WITH_RC4_40_MD5          Yes
SSL_RSA_WITH_RC4_128_MD5                Yes
SSL_RSA_WITH_RC4_128_SHA                Yes
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      No
SSL_RSA_WITH_IDEA_CBC_SHA               No
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       Yes
SSL_RSA_WITH_DES_CBC_SHA                Yes
SSL_RSA_WITH_3DES_EDE_CBC_SHA           Yes
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Yes
SSL_DH_DSS_WITH_DES_CBC_SHA             Yes
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Yes
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Yes
SSL_DH_RSA_WITH_DES_CBC_SHA             Yes
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Yes
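
The naming rule and the 40-bit export limit described above, applied to the suites Table 9 marks as supported. This is an added example, not code from the Zilog manual or the ZTP plug-in; the function names and the key-length table are assumptions of this example, and it classifies suites by symmetric key length only.

```python
import re

# Suites marked "Yes" in Table 9, copied from the table.
SUPPORTED = """
SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DH_DSS_WITH_DES_CBC_SHA
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_RSA_WITH_DES_CBC_SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
""".split()

# Nominal symmetric key length in bits per cipher token (assumption of this example).
KEY_BITS = {"NULL": 0, "RC4_40": 40, "DES40_CBC": 40, "RC2_CBC_40": 40,
            "DES_CBC": 56, "RC4_128": 128, "IDEA_CBC": 128, "3DES_EDE_CBC": 168}

# <SSL|TLS>_<key exchange>[_EXPORT]_WITH_<cipher>_<MAC>
MNEMONIC = re.compile(
    r"^(?:SSL|TLS)_(?P<kx>.+?)(?P<export>_EXPORT)?_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA)$")

def parse(mnemonic):
    """Split a cipher suite mnemonic into its components."""
    m = MNEMONIC.match(mnemonic)
    if not m or m.group("cipher") not in KEY_BITS:
        raise ValueError("unrecognised cipher suite: " + mnemonic)
    return {"kx": m.group("kx"), "export": m.group("export") is not None,
            "cipher": m.group("cipher"), "mac": m.group("mac"),
            "key_bits": KEY_BITS[m.group("cipher")]}

def tls_name(mnemonic):
    """Map an SSLv3 mnemonic to the identical TLSv1 one (prefix swap only)."""
    parse(mnemonic)  # reject anything that is not a well-formed mnemonic
    return "TLS_" + mnemonic[4:]

def audit(suites):
    """Return {mnemonic: reason} for suites with little or no confidentiality."""
    findings = {}
    for name in suites:
        s = parse(name)
        if s["key_bits"] == 0:
            findings[name] = "no encryption"
        elif s["export"]:
            findings[name] = "export-grade 40-bit key"
        elif s["key_bits"] < 112:
            findings[name] = "56-bit single DES"
    return findings

if __name__ == "__main__":
    for name, reason in audit(SUPPORTED).items():
        print(f"{name:40} {reason}")
```
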

Note:
