On 14/02/18 16:27, Richard Moore wrote: > If I run the following: > > openssl-1.1.1pre1 ciphers -tls1_3 -v The man page says this about the "-tls1_3" option: "In combination with the B<-s> option, list the ciphers which would be used if TLSv1.3 were negotiated." So you need to add "-s". If you do that then you only get the TLSv1.3 ciphers. It's a little strange that the option is ignored if no -s is supplied (you might think supplying -tls1_3 would automatically imply -s). But that is the way that all the -tls* options work, so this is nothing new in 1.1.1. Matt > > Then I get lots of ciphers, for example AES128-SHA however the latest > draft TLS 1.3 RFC states: > > The list of supported symmetric algorithms has been pruned of all > algorithms that are considered legacy. Those that remain all use > Authenticated Encryption with Associated Data (AEAD) algorithms. > > This suggests that the ciphers command isn't working as intended. Should > I file an issue in github? > > Cheers > > Rich. > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
