Re: GSSAPI signing/encryption for unsuspectingly applications (its not a bug)
Quanah Gibson-Mount wrote:
--On May 14, 2009 2:22:46 PM -0700 Howard Chu<hyc(a)symas.com>
wrote:
>> Secondly it seems so that Cyrus SASL code does not support SSF larger
>> than 56 for GSSAPI based signing/encryption (aka integrity/confidential
>
> Also wrong, Cyrus SASL/GSSAPI is known to work with up to ssf=112.
Hm, I thought for the GSSAPI mech, it was hard coded to 56. I've certainly
not seen it higher even with newer enc types that were at much higher
encryption levels.
Read TF code.
/* Heimdal and MIT use the following */
#ifdef GSS_KRB5_CONF_C_QOP_DES3_KD
#define K5_MAX_SSF 112
#endif
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/