Thank You so much, Jacob
Regards,
Vishnu Raju.On Thu, Dec 1, 2016 at 5:56 PM, Jakob Bohm <jb-openssl@xxxxxxxxxx> wrote:
On 01/12/2016 08:49, vishnu raju wrote:
Hi all,It is not disabled, just scheduled for future disabling as far
I am getting connection success in a tls1.2 connection with Des-Cbc-sha cipher. But upto my knowledge this cipher is depreciated on tls1.2.
Thanks for your help.
as the TLS 1.2 standard/RFC is concerned.
In OpenSSL its use is controlled by the "cipher list" setting,
which is a runtime setting made by the client and server software.
For single-DES (not triple DES), this would indicate that both ends
are configured insecurely since single DES has been considered weak
almost since the invention of SSL/TLS.
For Triple-DES (DES3), some recent OpenSSL versions reclassified it
to a lower grade because of the well-known (since the beginning)
danger of encrypting too much data with a single key, a danger that
was recently highlighted under the name SWEET32. Triple DES can
be enabled or disabled via an appropriate "cipher list" setting
regardless of OpenSSL version.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users