Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Viktor,

Thank you.

Yury

From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of Viktor Dukhovni <openssl-users@xxxxxxxxxxxx>
Sent: Tuesday, September 8, 2020 10:56 AM
To: openssl-users@xxxxxxxxxxx <openssl-users@xxxxxxxxxxx>
Subject: Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option
 
On Tue, Sep 08, 2020 at 05:39:51PM +0000, Yury Mazin via openssl-users wrote:

> I have a question based on the response provided to me:
>
> My question is why following openssl commands (version 1.1.1f)  return
> those TLSv1.3 ciphers as offering no authentication and no encryption?

It does not.  You still have not understood that "-ciphers" constrains
**ONLY** the TLS 1.2 (and earlier) cipher lists.  When you say:

    ciphers ... NULL

you asking for all the ciphers (TLS 1.2 and 1.3) where the TLS 1.2 ciphers
are NULL.  To also constrain the TLS 1.3 ciphers you MUST use the

    -ciphersuites ...

option to list the desired TLS 1.3 ciphersuites, otherwise they remain
unconstrained.

--
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux