is there an API to list all the TLS 1.3 cipher suite names?

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: is there an API to list all the TLS 1.3 cipher suite names?

Hubert Kario
On Friday, 18 January 2019 02:33:20 CET Jordan Brown wrote:

> On 1/14/2019 4:09 AM, Matt Caswell wrote:
> > This works more "by accident". There is no ciphersuite alias called
> > "TLSv1.3", so using it as above results in no ciphersuites matched.
> > Since the TLSv1.3 ciphersuites are on by default anyway that's all
> > that you get back.
>
> From what you say, and based on experimentation, it seems like the
> TLSv1.3 ciphersuites are enabled even if you explicitly say to disable them.
>
>     $ openssl ciphers SHA384:\!TLS_AES_256_GCM_SHA384
>     *TLS_AES_256_GCM_SHA384*:TLS_CHACHA20_POLY1305_SHA256:[...]
>
>     $ openssl ciphers AES:-SHA384
>     *TLS_AES_256_GCM_SHA384*:TLS_CHACHA20_POLY1305_SHA256:[...]
>
> That doesn't seem right.  Am I missing something?
see man 1 ciphers
section "TLS v1.3 cipher suites" specifies all ciphers that are supported for
TLS 1.3 while -ciphersuites is used to change which are enabled

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: is there an API to list all the TLS 1.3 cipher suite names?

JordanBrown
In reply to this post by JordanBrown
On 1/17/2019 5:33 PM, Jordan Brown wrote:
Am I missing something?


Seems I was.  Thanks, all.

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
12