[openssl-users] The default cipher of executable 'openssl'

Viktor Dukhovni openssl-users at dukhovni.org
Fri Jun 12 14:24:36 UTC 2015


On Fri, Jun 12, 2015 at 01:35:22AM -0700, Aaron wrote:

> Thanks so much, Viktor. Hence, this is an expected behavior change. In this
> case I will update my application.

Does your test case result in ECDHE being used when you change only
the protocol on both ends from ssl3 to tls1?  If so, I think this
that confirms my hunch.  

I've not hunted down the specific changes that might have tightened
down use of ECDHE in the absense of the relevant extensions (nor
even whether the change is in the server or client).  So this
analysis is "disturbingly plausible" (an amusing phrase borrowed
from another context, too long to explain...).

-- 
	Viktor.


More information about the openssl-users mailing list