On Sun, Jan 05, 2014 at 06:31:46PM -0500, micah wrote:
> > Given cipherlist class names:
> >
> > kEECDH - cipher suites that support Ephemeral ECDH key exchange
> > kEDH - cipher suites that support Ephemeral DH key exchange
>
> I'm sorry, but I have no idea what "cipherlist class names" are, would
> you mind clarifying what that is, I tried to search the web for those
> names, but was not able to uncover anything.
There's nothing to research. I meant to say "cipher suite class names",
and these are not surprisingly names of classes of cipher suites. That
is names you can use in an OpenSSL cipherlist that match multiple cipher
suites.
aNULL - anonymous cipher suites
aRSA - cipher suites with RSA certificate authentication.
eNULL - cipher suites with no encryption
kEECDH - cipher suites with EECDH (ECDHE) key exchange.
AES - cipher suites that use AES payload encryption.
...
each of which matches a set of ciphers suites whose elements have
names that correspond to a single combination of algorithms, such as:
RC4-SHA
AES128-SHA
ECDHE-ECDSA-AES256-SHA384 (OpenSSL 1.0.2 or later)
$ openssl ciphers -v 'ECDHE-ECDSA-AES256-SHA384:AES128-SHA:RC4-SHA'
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
--
Viktor.
