Re: stronger Kex

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> I have two servers for testing purpose :
> - debian 6, apache 2.2,   openssl 1.0.1t      (mutu)
> - centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated)
>
> Now, these 2 serveurs offers only those ciphers :
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
>
> I have two goals. First, I would like to use at least secp384r1
> and second (no problem), use an ECC certificate.
>
> Is it possible to do it with CHACHA20-POLY1305 ?
> Is it possible to use this cipher on those servers ?

You need OpenSSL 1.1.0 or above for ChaCha20/Poly1305:

$ openssl version
OpenSSL 1.1.0b  26 Sep 2016

$ openssl ciphers | tr ':' '\n' | grep -i chacha
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
RSA-PSK-CHACHA20-POLY1305
DHE-PSK-CHACHA20-POLY1305
ECDHE-PSK-CHACHA20-POLY1305
PSK-CHACHA20-POLY1305

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux