Re: SSL/TLS encryption algorithms

Walter H. Sun, 03 Nov 2013 09:22:27 -0800

On 01.11.2013 23:12, Viktor Dukhovni wrote:

     $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA
     DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) 
Mac=SHA1


     $ openssl ciphers -v AES128-SHA256
     AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  
Mac=SHA256

Does your application need to perform faster, offer forward-secrecy, be
most interoperable, ... ?

these was the result of using 2 different browsers with the same SSL
website ...
(1) an old firefox
(2) the latest IE - IE11 on Win 8.1

https://ssl.mathemainzel.info/info/
you can try your browser ...

how would I define forward-secrecy on Apache webserver?

If the server negotiated both ciphers, it already supports
forward-secrecy (aka PFS) if the client does too.

What about a browser that shows this

SSL_CIPHER=RC4-MD5
SSL_CIPHER_ALGKEYSIZE=128
SSL_CIPHER_EXPORT=false
SSL_CIPHER_USEKEYSIZE=128
SSL_COMPRESS_METHOD=NULL
SSL_PROTOCOL=TLSv1
SSL_SECURE_RENEG=true

Thanks,
Walter

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: SSL/TLS encryption algorithms

Reply via email to