On 2020-04-22 15:22, Hubert Kario wrote:
On Tuesday, 21 April 2020 21:29:58 CEST, Jakob Bohm via openssl-users
wrote:
That link shows whatever anyone's browser is configured to handle
when clicking
the link.
The important thing is which browsers you need to support, like the
ones on
https:
On Tuesday, 21 April 2020 21:29:58 CEST, Jakob Bohm via openssl-users
wrote:
That link shows whatever anyone's browser is configured to
handle when clicking
the link.
The important thing is which browsers you need to support, like the ones on
https://www.ssllabs.com/ssltest/clients.html
Beware
On Tue, Apr 21, 2020 at 04:06:04PM +0100, Junaid Mukhtar wrote:
> I have managed to block the RC4 and enable tlsv1 as per our requirements.
>
> We have a requirement to match cipher list on the internal server to match
> the native browser cipher list as shown by the
> https://clienttest.ssllabs.
That link shows whatever anyone's browser is configured to handle when
clicking
the link.
The important thing is which browsers you need to support, like the ones on
https://www.ssllabs.com/ssltest/clients.html
Beware that the list I just linked is woefully incomplete for those of
us who
acti
Hi Tomas/Team
I have managed to block the RC4 and enable tlsv1 as per our requirements.
We have a requirement to match cipher list on the internal server to match
the native browser cipher list as shown by the
https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
I have tried setting up
On Fri, 2020-04-17 at 13:03 -0400, Viktor Dukhovni wrote:
> On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
>
> > Or you could modify the /etc/pki/tls/openssl.cnf:
> > Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> > line in it and insert something like:
> >
> >
On Fri, Apr 17, 2020 at 06:06:56PM +0100, Junaid Mukhtar wrote:
> Hi, we have a requirement to enable tlsv1 for an edge case. When we enable
> that via Tomas recommendation it enables rc4 cipher.
Yes, but in OpenSSL 1.1.1, it is not clear why enabling the protocol has
any impact on the cipher sel
Hi, we have a requirement to enable tlsv1 for an edge case. When we enable
that via Tomas recommendation it enables rc4 cipher.
We want to disable rc4 but keep tlsv1 and that's why the ask for the
process
Thanks,
On Fri, 17 Apr 2020 at 18:04, Viktor Dukhovni
wrote:
> On Fri, Apr 17, 2020 at 05
On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
> Or you could modify the /etc/pki/tls/openssl.cnf:
> Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> line in it and insert something like:
>
> CipherString =
> @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!D
Note: This is better asked on the CentOS support forums, since it asks
about changes that CentOS made to OpenSSL.
This is an unsupported configuration, and will be overwritten if you audit
or reinstall the crypto-policies package. Also, I haven't looked to see
where /etc/crypto-policies/back-ends
It will be possible via Custom crypto policies in 8.2 release.
It can be solved only in a hackish way on 8.1.
You can manually edit /etc/crypto-policies/back-ends/openssl*.config
files however that will not survive further runs of update-crypto-
policies or package updates.
Or you could modify t
Hi Tomas
Is it possible to enable legacy protocols/ciphers but disable only one. In
particular we want RC4-SHA to be disable
Regards,
Junaid
On Wed, Apr 15, 2020 at 5:13 PM Junaid Mukhtar
wrote:
> Thanks a lot; It really helped
>
>
> Regards,
> Junaid
>
>
> On Wed, Apr 15, 2
Thanks a lot; It really helped
Regards,
Junaid
On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz wrote:
> On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> > Hi Team
> >
> > I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> > upgrade the server unfortunately so
On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the OpenSSL version manually using
14 matches
Mail list logo
