Missing ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This makes total sense, thanks!

Ultimately I want to enable as many ciphers as possible as this machine is being used to test a new TLS forensic tool, so the server security isn't an issue to consider in configuration.

ST

> On Nov 4, 2015, at 4:01 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> 
>> On Wed, Nov 04, 2015 at 03:53:27PM -0800, Steve Topletz wrote:
>> 
>> I find that I'm missing many ciphers when I interrogate my openssl service.
>> 
>> Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443
>> -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl
>> ciphers -V TLSv1.2'.
>> 
>> How do I get the rest of these ciphers enabled?
> 
> Only ciphers found in the "DEFAULT" cipherlist that are compatible
> with your server certificate algorithm will be enabled in your
> server.
> 
> For example, if you only configured an RSA certificate, you won't
> be using ECDSA, DSA, kECDH, kDH, PSK or SRP ciphers.  Nor eNULL or
> aNULL ciphers...
> 
> So you should not expect to see many ciphers, and this is typically
> for the best.
> 
> -- 
>    Viktor.
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux