On Sat, Jul 20, 2019 at 07:35:49AM -0700, PGNet Dev wrote:

> >> Checking cipherlist for just TLSv1.3 ciphers FAILs here,
> >>
> >> openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
> >> Error in cipher list
> >
> > This is expected. Try:
> >
> > openssl ciphers -tls1_3 -stdname -s -V -ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256' 'aNULL'

TLS 1.3 cipher code points are fundamentally different from TLS 1.0–1.2 cipher code points. You can't use any of the former in TLS 1.2 nor any of the latter in TLS 1.3. Many users specify a restricted set of TLS 1.2 ciphers, and if there was only one global cipherlist, they would as a result disable TLS 1.3 entirely.

For the above and related reasons, in OpenSSL 1.1.1 the TLS 1.3 ciphersuite code points are managed separately from the TLS 1.0–1.2 cipher code points. In the ciphers(1) command, the final argument is the desired TLS 1.0–1.2 ciphers, while the "-ciphersuites" option selects the TLS 1.3 code points.

> Can you clarify WHY that's expected?

What's expected is that listing the TLS 1.3 ciphersuite names in the final argument that specifies TLS 1.2 ciphers will produce an error (empty set of ciphers).

> Atm, it's unclear why it's working for Michael Wojcik ... different version?
> something's changed?

I am discounting his report of success. The full set of TLS 1.3 ciphers is enabled by default. If he did not use the -ciphersuites option, he was overriding just the 1.2 code points, and somehow managed to ultimately list just the TLS 1.3 code points. He also had a typo in the command he posted. It is not pertinent.

> And, in webserver ssl_cipher configs, specifying ONLY the tls13 ciphersuites
> fires a config error. Until I add a group, e.g. ECDHE, as well, to the
> spec.

This is expected. That "ssl_cipher" setting controls ONLY the TLS 1.2 cipherlist.

To enable only the TLS 1.3 *protocol*, change the settings that control the protocol versions, not the ciphers.

> If this^^ is 'expected', is that, then, actually an error?

No. You've just not read the documentation carefully.

--
Viktor.
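The separation Viktor describes can be observed from any program linked against OpenSSL 1.1.1 or later, not only from the ciphers(1) command. The following is an added example, not part of the thread, using Python's standard `ssl` module: `SSLContext.set_ciphers()` wraps OpenSSL's cipher-list call (the TLS 1.0–1.2 side), and the standard library exposes no ciphersuites setter at all, so the TLS 1.3 side always stays at OpenSSL's default. The two cipher strings used below are assumed test inputs; the first is a valid TLS 1.2 list, the second names only TLS 1.3 suites and is rejected exactly as the mailing-list post reports.

```python
import ssl

# Constructed inputs for the demonstration (assumptions, not from the thread).
TLS12_SPEC = "ECDHE+AESGCM"                                   # valid TLS 1.2 cipherlist
TLS13_SPEC = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"  # TLS 1.3 names only


def cipherlist_accepted(spec):
    """Return True if OpenSSL accepts `spec` as a TLS 1.0-1.2 cipherlist.

    A string that selects no TLS 1.2 cipher (for example one that names only
    TLS 1.3 suites) makes OpenSSL report an empty set, which Python surfaces
    as ssl.SSLError ("No cipher can be selected").
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return False
    return True


def enabled_by_protocol(spec):
    """Apply a TLS 1.2 cipherlist and group the resulting enabled ciphers by protocol.

    Because TLS 1.3 suites are managed separately, restricting the cipherlist
    leaves the default TLS 1.3 suites in place; they show up under 'TLSv1.3'.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    grouped = {}
    for cipher in ctx.get_ciphers():
        grouped.setdefault(cipher["protocol"], []).append(cipher["name"])
    return grouped


if __name__ == "__main__":
    print("TLS 1.2 list accepted:", cipherlist_accepted(TLS12_SPEC))
    print("TLS 1.3-only list accepted as a 1.2 cipherlist:", cipherlist_accepted(TLS13_SPEC))
    for proto, names in sorted(enabled_by_protocol(TLS12_SPEC).items()):
        print(proto, "->", ", ".join(names))
```

The second call fails for the same reason the `openssl ciphers` invocation in the quoted report does: the TLS 1.3 names never match anything in the TLS 1.2 cipherlist grammar, so the resulting set is empty. The grouped output makes the other half of the point visible: after restricting the 1.2 list to ECDHE/AES-GCM, the TLS 1.3 suites are still enabled because nothing in that string touched them.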