On 1/14/2019 4:09 AM, Matt Caswell wrote:
> This works more "by accident". There is no ciphersuite alias called
> "TLSv1.3", so using it as above results in no ciphersuites matched.
> Since the TLSv1.3 ciphersuites are on by default anyway that's all
> that you get back.
>From what you say, and based on experimentation, it seems like the
TLSv1.3 ciphersuites are enabled even if you explicitly say to disable them.
$ openssl ciphers SHA384:\!TLS_AES_256_GCM_SHA384
*TLS_AES_256_GCM_SHA384*:TLS_CHACHA20_POLY1305_SHA256:[...]
$ openssl ciphers AES:-SHA384
*TLS_AES_256_GCM_SHA384*:TLS_CHACHA20_POLY1305_SHA256:[...]
That doesn't seem right. Am I missing something?
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
