On 08/11/2015 00:04, Matt Caswell wrote: > On 07/11/15 02:54, Viktor Dukhovni wrote: >> On Fri, Nov 06, 2015 at 11:58:44PM +0000, Matt Caswell wrote: >>> OpenSSL selects the version it is going to use regardless of the >>> available ciphersuites. Only after selecting its version will the server >>> select the ciphersuite to use. If there aren't any compatible with the >>> selected version then it will fail with a "no shared cipher" error. >> Will we always do that. I am not confident we can promise this, >> but this is not at present about to change. >> > I think it is very unlikely to change for the currently available > released versions - and it is the behaviour of those versions that I am > describing. It could possibly change for future versions (as could > anything) - although I'm not aware of any plans to do so. I have seen rumors (nothing reliable) that the TLS WG is proposing to disable a whole lot of good cipher suites in TLS 1.3. If this happens in the final spec, then some lists of enabled ciphers would make TLS 1.2 the most secure choice even though TLS 1.3 is the highest shared version. More specifically, they seem to deprecate the suites that use separate MAC and CRYPT keys in favor of AEAD suites that are designed very close to the margins of being secure. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151109/fdd495b8/attachment.html>
