[openssl-users] stronger Kex
mlrx
openssl.org at 18informatique.com
Tue Dec 27 08:15:21 UTC 2016
Le 21/12/2016 à 16:07, mlrx a écrit :
> Hello,
>
> I have two servers for testing purpose :
> - debian 6, apache 2.2, openssl 1.0.1t (mutu)
> - centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated)
>
> Now, these 2 serveurs offers only those ciphers :
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
>
> I have two goals. First, I would like to use at least secp384r1
> and second (no problem), use an ECC certificate.
>
> Is it possible to do it with CHACHA20-POLY1305 ?
> Is it possible to use this cipher on those servers ?
>
> openssl ciphers -V CHACHA20 return an error on each server.
> I understand it's because there is no chacha20 cipher (?).
>
> Why can I connect a server by SSH with chacha20-poly1305 at openssh.com
> and not using it with Apache ?
>
> All advices are welcome :-).
>
> Best regards,
Hello,
Is somebody could explain me the difference between a message who
received an answer and this one ?
What's wrong ? RTFM ?
Best regards,
--
benoist
More information about the openssl-users
mailing list