Hi,
Looking into ssl.h / s3_lib.c, I saw a change in the value of a field in SSL_CIPHER, starting with OpenSSL 1.0:
unsigned long algorithm2; /* Extra flags */
In the implementation (s3_lib.c), most of the ciphers use SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF for this flag, whereas in previous versions it was always set to 0.
What does it mean? The definitions of these constants, from ssl_locl.h, are:
/* Bits for algorithm2 (handshake digests and other extra flags) */
#define SSL_HANDSHAKE_MAC_MD5 0x10
#define SSL_HANDSHAKE_MAC_SHA 0x20
#define SSL_HANDSHAKE_MAC_GOST94 0x40
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
and:
#define TLS1_PRF_DGST_SHIFT 8
#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
But can someone explain it better, please?
Thanks!
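
Added example, not part of the original post and not OpenSSL's own code: using only the constants quoted above, it splits an algorithm2 value into its two bit fields, the handshake-MAC digest bits and the same digest bits shifted left by TLS1_PRF_DGST_SHIFT for the PRF. The digests table and decode_field() are hypothetical names made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constants copied from the ssl_locl.h excerpt quoted in the post. */
#define SSL_HANDSHAKE_MAC_MD5 0x10
#define SSL_HANDSHAKE_MAC_SHA 0x20
#define SSL_HANDSHAKE_MAC_GOST94 0x40
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
#define TLS1_PRF_DGST_SHIFT 8
#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)

/* Hypothetical table for this example: one row per digest bit. */
static const struct { unsigned long bit; const char *name; } digests[] = {
    { SSL_HANDSHAKE_MAC_MD5, "MD5" },
    { SSL_HANDSHAKE_MAC_SHA, "SHA1" },
    { SSL_HANDSHAKE_MAC_GOST94, "GOST94" },
};
#define NDIGESTS (sizeof(digests) / sizeof(digests[0]))

/* Hypothetical helper: write the digest names ("A+B") whose bits are set
 * in the field of `flags` that starts `shift` bits up (0 = handshake MAC
 * field, TLS1_PRF_DGST_SHIFT = PRF field). Returns the digest count. */
int decode_field(unsigned long flags, int shift, char *out, size_t len)
{
    int n = 0;
    size_t i;
    out[0] = '\0';
    for (i = 0; i < NDIGESTS; i++) {
        if (flags & (digests[i].bit << shift)) {
            if (n > 0)
                strncat(out, "+", len - strlen(out) - 1);
            strncat(out, digests[i].name, len - strlen(out) - 1);
            n++;
        }
    }
    return n;
}

int main(void)
{
    unsigned long algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; /* value from the post */
    char mac[32], prf[32];
    decode_field(algorithm2, 0, mac, sizeof mac);
    decode_field(algorithm2, TLS1_PRF_DGST_SHIFT, prf, sizeof prf);
    printf("algorithm2=0x%lx handshake=%s prf=%s\n", algorithm2, mac, prf);
    return 0;
}
```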