cipher suites

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

cipher suites

Skip Carter
If my application will support both TLSv1.2 and TLSv1.3 connections to
it (depending who is connecting), do I have to call both
SSL_CTX_set_ciphersuites() and SSL_CTX_set_cipher_list() when setting
up my context?


--
Skip Carter
Taygeta Scientific Inc.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: cipher suites

Viktor Dukhovni
You don't have to call either.  Both have sensible defaults.
Especially, with TLS 1.3, there is generally little reason
to choose non-default ciphers.

> On Oct 26, 2018, at 6:12 PM, Skip Carter <[hidden email]> wrote:
>
> If my application will support both TLSv1.2 and TLSv1.3 connections to
> it (depending who is connecting), do I have to call both
> SSL_CTX_set_ciphersuites() and SSL_CTX_set_cipher_list() when setting
> up my context?

If you're doing something unusual, or provide a configurable interface
with optional overrides of the ciphers to the application users, you
can customize either or both lists.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users