Re: Listing TLS 1.3 Ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 10/04/2019 22:06, Richard Moore wrote:
> They also don't appear if you explicitly try to list 'All' which is what I found
> surprising.

"ALL" is a TLSv1.2 cipherstring and has no impact on the TLSv1.3 ciphersuite
selection. The two sets of ciphersuites are configured separately.


On 11/04/2019 00:06, Michael Richardson wrote:
> I think that those are the ones that constrained devices prefer,
> such as ECDHE-ECDSA-AES128-CCM8?
> So is there a way to validate that they are available, that there were
> compiled in?

You can get "openssl ciphers" to show them if you explicitly ask for them, i.e.

$ openssl ciphers -v -ciphersuites
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256"
| grep "TLSv1.3"
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any
Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
TLS_AES_128_CCM_8_SHA256 TLSv1.3 Kx=any      Au=any  Enc=AESCCM8(128) Mac=AEAD


Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux