Re: is there an API to list all the TLS 1.3 cipher suite names?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/14/2019 4:09 AM, Matt Caswell wrote:
This works more "by accident". There is no ciphersuite alias called "TLSv1.3", so using it as above results in no ciphersuites matched. Since the TLSv1.3 ciphersuites are on by default anyway that's all that you get back.


From what you say, and based on experimentation, it seems like the TLSv1.3 ciphersuites are enabled even if you explicitly say to disable them.

$ openssl ciphers SHA384:\!TLS_AES_256_GCM_SHA384
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:[...]

$ openssl ciphers AES:-SHA384
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:[...]

That doesn't seem right.  Am I missing something?

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux