> Server side at least it would be theoretically possible: i.e. only choose a
> ciphersuite if TLS v1.2 is negotiated. OpenSSL doesn't support this though.
I didn't think so, thanks. One possibility is to add a construct like
proto?cipher
to the colon-separated list. Any interest in a p
On Mon, Nov 25, 2013, Salz, Rich wrote:
> Is there a way to see something like AES128-SHA is okay with TLSv1.2, but not
> with SSLv3?
>
On the client side there's no way to represent this in the protocol, if you
support SSLv3 and TLS v1.2 then it is assumed that any cipher which can be
legally
The commandline utility 'ciphers' with the -V option (upper case V) displays
details for each selected suite including the minimum protocol version.
The specific case AES128-SHA is SSLv3 or higher. So far the only suites
limited to TLSv1.2
are the ones with SHA-2 (SHA256 or SHA384) MAC or w
