[Date Prev][Date Next]
Re: GSSAPI signing/encryption for unsuspectingly applications (its not a bug)
Quanah Gibson-Mount wrote:
--On May 14, 2009 2:22:46 PM -0700 Howard Chu<firstname.lastname@example.org> wrote:
Secondly it seems so that Cyrus SASL code does not support SSF larger
than 56 for GSSAPI based signing/encryption (aka integrity/confidential
Also wrong, Cyrus SASL/GSSAPI is known to work with up to ssf=112.
Hm, I thought for the GSSAPI mech, it was hard coded to 56. I've certainly
not seen it higher even with newer enc types that were at much higher
Read TF code.
/* Heimdal and MIT use the following */
#define K5_MAX_SSF 112
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/