On 4/21/2021 3:56 PM, @lbutlr wrote:
> On 20 Apr 2021, at 13:20, Jim Albert <jim@xxxxxxxxxxxxx> wrote:
>> On 4/20/2021 2:56 PM, @lbutlr wrote:
>>> Right, and I am running the current version of OpenSSL which, for example, doesn't support SSLv3 or TLSv1.1.
>> I'd be surprised if that were true. If you run 'openssl ciphers -v ALL' you see no SSLv3 ciphers?
> TLSv1 is not a cipher, the cipher suites are different than the protocols, right? I'm pretty sure you cannot make a TLSv1 or TLSv1.1 connection to an OpenSSL 1.1.1k version of OpenSSL.

Speaking very generally and rudimentarily, cipher suites define a set of algorithms to secure network communications and include things like key exchange, authentication and encryption. They'll include various encryption and hash algorithms such as AES, RSA, MD5, SHA# and lots more.
SSL and TLS are protocols that define how sets of cipher suites are to be used. In order to achieve a certain level of security the various protocols require a certain level of cipher suite.
So, in order to achieve a certain level of security you need to define above what level of SSL/TLS you will support (currently that is generally TLSv1.1 and above) and then your cipher suite based on those required for your supported SSL/TLS protocol version, minus any that have known significant vulnerabilities.
Jim
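
An added example, not part of the thread: Python that parses output in the format of `openssl ciphers -v` (the command mentioned above) and keeps the two settings apart. The second column is the minimum protocol version a suite can be used with, not a list of enabled protocols. The sample lines, the deny-list and all function names are constructed for illustration.

```python
import re

# Constructed sample in the `openssl ciphers -v` layout; not captured from a real host.
SAMPLE = """\
TLS_AES_256_GCM_SHA384       TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA         TLSv1   Kx=ECDH Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA                   SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                 SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
RC4-MD5                      SSLv3   Kx=RSA  Au=RSA Enc=RC4(128)    Mac=MD5
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+"
                  r"Enc=([^\s(]+)(?:\((\d+)\))?\s+Mac=(\S+)$")
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
# Illustrative deny-list chosen for this example, not a complete policy.
WEAK_ENC = {"RC4", "3DES", "DES", "None"}
WEAK_MAC = {"MD5"}

def parse(text):
    """Return one dict per suite; min_proto is the suite's minimum protocol version."""
    suites = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, proto, kx, au, enc, bits, mac = m.groups()
            suites.append({"name": name, "min_proto": proto, "kx": kx, "au": au,
                           "enc": enc, "bits": int(bits or 0), "mac": mac})
    return suites

def usable_in(suites, negotiated):
    """Names of suites that may be negotiated in a connection of that protocol version."""
    if negotiated == "TLSv1.3":  # TLS 1.3 uses its own separate suite list
        return [s["name"] for s in suites if s["min_proto"] == "TLSv1.3"]
    return [s["name"] for s in suites
            if s["min_proto"] != "TLSv1.3" and RANK[s["min_proto"]] <= RANK[negotiated]]

def is_weak(suite):
    return suite["enc"] in WEAK_ENC or suite["mac"] in WEAK_MAC

def policy(suites, min_protocol):
    """Per protocol version at or above min_protocol, the suites left after the deny-list."""
    keep = [s for s in suites if not is_weak(s)]
    versions = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
    return {v: usable_in(keep, v) for v in versions if RANK[v] >= RANK[min_protocol]}

if __name__ == "__main__":
    for version, names in policy(parse(SAMPLE), "TLSv1.2").items():
        print(version, names)
```

With a protocol floor of TLSv1.2, `AES128-SHA` still appears in the result even though its column reads `SSLv3`, which is why the protocol floor and the cipher list have to be set separately.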