On 2020-04-22 15:22, Hubert Kario wrote:
On Tuesday, 21 April 2020 21:29:58 CEST, Jakob Bohm via openssl-users
wrote:
That link shows whatever anyone's browser is configured to handle
when clicking
the link.
The important thing is which browsers you need to support, like the
ones on
https:
On Tuesday, 21 April 2020 21:29:58 CEST, Jakob Bohm via openssl-users
wrote:
That link shows whatever anyone's browser is configured to
handle when clicking
the link.
The important thing is which browsers you need to support, like the ones on
https://www.ssllabs.com/ssltest/clients.html
Beware
On Tue, Apr 21, 2020 at 04:06:04PM +0100, Junaid Mukhtar wrote:
> I have managed to block the RC4 and enable tlsv1 as per our requirements.
>
> We have a requirement to match cipher list on the internal server to match
> the native browser cipher list as shown by the
> https://clienttest.ssllabs.
That link shows whatever anyone's browser is configured to handle when
clicking
the link.
The important thing is which browsers you need to support, like the ones on
https://www.ssllabs.com/ssltest/clients.html
Beware that the list I just linked is woefully incomplete for those of
us who
acti
Hi Tomas/Team
I have managed to block the RC4 and enable tlsv1 as per our requirements.
We have a requirement to match cipher list on the internal server to match
the native browser cipher list as shown by the
https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
I have tried setting up
On Fri, 2020-04-17 at 13:03 -0400, Viktor Dukhovni wrote:
> On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
>
> > Or you could modify the /etc/pki/tls/openssl.cnf:
> > Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> > line in it and insert something like:
> >
> >
On Fri, Apr 17, 2020 at 06:06:56PM +0100, Junaid Mukhtar wrote:
> Hi, we have a requirement to enable tlsv1 for an edge case. When we enable
> that via Tomas recommendation it enables rc4 cipher.
Yes, but in OpenSSL 1.1.1, it is not clear why enabling the protocol has
any impact on the cipher sel
Hi, we have a requirement to enable tlsv1 for an edge case. When we enable
that via Tomas recommendation it enables rc4 cipher.
We want to disable rc4 but keep tlsv1 and that's why the ask for the
process
Thanks,
On Fri, 17 Apr 2020 at 18:04, Viktor Dukhovni
wrote:
> On Fri, Apr 17, 2020 at 05
On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
> Or you could modify the /etc/pki/tls/openssl.cnf:
> Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> line in it and insert something like:
>
> CipherString =
> @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!D
ally helped
>>
>>
>> Regards,
>> Junaid
>>
>>
>> On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz wrote:
>>
>>> On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
>>> > Hi Team
>>> >
>>> > I am trying
com> wrote:
> > Thanks a lot; It really helped
> >
> >
> > Regards,
> > Junaid
> >
> >
> > On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz
> > wrote:
> > > On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
>
>
> On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz wrote:
>
>> On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
>> > Hi Team
>> >
>> > I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
>> > upgrade the server
Thanks a lot; It really helped
Regards,
Junaid
On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz wrote:
> On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> > Hi Team
> >
> > I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> >
On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the Open
Hi Team
I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
upgrade the server unfortunately so we need to enable TLSv1 with
weak-ciphers on OpenSSL.
I have tried to build the OpenSSL version manually using switches "./config
--prefix=/usr/local/openssl --openssldir=
15 matches
Mail list logo
