On 28/04/15 13:31, jonetsu wrote:
>> That refers to the minimum version of the ciphersuite: it
>> doesn't imply that it will only be used in SSLv3 (which is
>> disabled in FIPS mode).
>
> Hmmm... I'm sorry but I do not really understand this. Since openssl is
> run in FIPS mode, and since SSLv3 is disabled, then why would the SSLv3
> ciphers show up? If they have counterparts in TLS that could be used, why
> wouldn't the TLS version show up instead?

SSLv3 in the ciphersuite definition means it can be used in SSLv3 *and
later*. A ciphersuite isn't defined once for SSLv3, and then again for
TLS1.0, and again for TLS1.1 etc - it's just defined once and is reused
across multiple protocol versions.

Matt
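
An added example, not part of the original message: it reads the protocol column of `openssl ciphers -v` style output as a minimum version and lists which suites remain usable when SSLv3 is disabled. The sample lines are constructed, and the function names and the TLS-only protocol list are assumptions made for illustration.

```python
# Constructed sample in the column layout printed by `openssl ciphers -v`:
# suite name, minimum protocol version, then Kx/Au/Enc/Mac fields.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256               TLSv1.2 Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA256
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
"""

# Oldest to newest. TLSv1.3 is left out on purpose: its suites are a separate
# set and do not follow the "defined once, reused by later versions" rule.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def parse(text):
    """Return (suite_name, minimum_protocol) pairs, skipping unknown lines."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] in ORDER:
            suites.append((fields[0], fields[1]))
    return suites


def usable(suites, enabled_protocols):
    """Map each enabled protocol to the suites whose minimum version <= it."""
    result = {}
    for proto in enabled_protocols:
        rank = ORDER.index(proto)
        result[proto] = [n for n, minv in suites if ORDER.index(minv) <= rank]
    return result


def stranded(suites, enabled_protocols):
    """Suites that need a newer protocol than any that is enabled."""
    top = max(ORDER.index(p) for p in enabled_protocols)
    return [n for n, minv in suites if ORDER.index(minv) > top]


if __name__ == "__main__":
    # Assumed policy for the demo: SSLv3 off, TLS 1.0 through 1.2 on.
    tls_only = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    for proto, names in usable(parse(SAMPLE), tls_only).items():
        print(proto, "->", ", ".join(names))
```

Suites labelled `SSLv3` still appear under every TLS version in the result, which is why they show up in the listing even though the SSLv3 protocol itself is disabled.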