RE: SSL/TLS encryption algorithms

2013-11-04 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Viktor Dukhovni > Sent: Friday, November 01, 2013 18:12 > > > $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA > > > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA > Enc=Camellia(256) Mac=SHA1 > > > > > > $ openssl ciphers -v AES128-SHA256 > > >

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Walter H.
On 03.11.2013 18:27, Viktor Dukhovni wrote: On Sun, Nov 03, 2013 at 06:18:38PM +0100, Walter H. wrote: how would I define forward-secrecy on Apache webserver? If the server negotiated both ciphers, it already supports forward-secrecy (aka PFS) if the client does too. What about a browser that

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Viktor Dukhovni
On Sun, Nov 03, 2013 at 06:18:38PM +0100, Walter H. wrote: > > >how would I define forward-secrecy on Apache webserver? > > > > If the server negotiated both ciphers, it already supports > > forward-secrecy (aka PFS) if the client does too. > > What about a browser that shows this > > SSL_CIPHER

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Walter H.
On 01.11.2013 23:12, Viktor Dukhovni wrote: $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 $ openssl ciphers -v AES128-SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Viktor Dukhovni
> > $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA > > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) > > Mac=SHA1 > > > > $ openssl ciphers -v AES128-SHA256 > > AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) > > Mac=SHA256 > > > >Does your ap

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Walter H.
Hello, On 01.11.2013 22:34, Viktor Dukhovni wrote: On Fri, Nov 01, 2013 at 09:56:10PM +0100, Walter H. wrote: Which one of the following two is better (1) or (2)? (1) SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=D

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Viktor Dukhovni
On Fri, Nov 01, 2013 at 09:56:10PM +0100, Walter H. wrote: > Which one of the following two is better (1) or (2)? > > (1) > > SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 > (

SSL/TLS encryption algorithms

2013-11-01 Thread Walter H.
Hello, Which one of the following two is better (1) or (2)? (1) SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA SSL_CIPHER_ALGKEYSIZE=256 SSL_CIPHER_EXPORT=false SSL_CIPHER_USEKEYSIZE=256 SSL_COMPRESS_METHOD=NULL SSL_PROTOCOL=TLSv1 SSL_SECURE_RENEG=true (2) SSL_CIPHER=AES128-SHA256 SSL_CIPHER_ALGKEYSIZE=