[openssl-users] stronger Kex
mlrx
openssl.org at 18informatique.com
Sun Jan 22 22:12:20 UTC 2017
Hello,
I also thank you. It was useful to.
Best regards.
benoist
Le 27/12/2016 à 17:38, Jeffrey Walton wrote :
>> I have two servers for testing purpose :
>> - debian 6, apache 2.2, openssl 1.0.1t (mutu)
>> - centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated)
>>
>> Now, these 2 serveurs offers only those ciphers :
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
>>
>> I have two goals. First, I would like to use at least secp384r1
>> and second (no problem), use an ECC certificate.
>>
>> Is it possible to do it with CHACHA20-POLY1305 ?
>> Is it possible to use this cipher on those servers ?
>
> You need OpenSSL 1.1.0 or above for ChaCha20/Poly1305:
>
> $ openssl version
> OpenSSL 1.1.0b 26 Sep 2016
>
> $ openssl ciphers | tr ':' '\n' | grep -i chacha
> ECDHE-ECDSA-CHACHA20-POLY1305
> ECDHE-RSA-CHACHA20-POLY1305
> DHE-RSA-CHACHA20-POLY1305
> RSA-PSK-CHACHA20-POLY1305
> DHE-PSK-CHACHA20-POLY1305
> ECDHE-PSK-CHACHA20-POLY1305
> PSK-CHACHA20-POLY1305
>
> Jeff
>
--
benoist
More information about the openssl-users
mailing list