[openssl-users] Considering C# OpenSSL openssl-net-master

J. J. Farrell jeremy.farrell at oracle.com
Wed Jul 26 20:31:15 UTC 2017


On 26/07/2017 20:58, Jakob Bohm wrote:
> On 25/07/2017 19:00, Salz, Rich via openssl-users wrote:
>>
>> If you want to use those ciphers, you need to set SECLEVEL=0 when you 
>> specify the ciphers.
>
> When did TLS_RSA_WITH_AES_128_CBC_SHA256 and higher become
> "low security"?
>
> It looks like the client is an older product (ECDH only offered
> for ECDSA certs, classic DH not offered, no algorithms above
> 128 bits).
>
> So I guess the OP just needs to check if he is using an empty
> cipher string or something silly like that.

The OP said he was testing his "Tls Client that supports TLS starting 
from version 1.2 and all the cipher suites". Perhaps he's found his 
first bug, since the client isn't offering all the TLS 1.2 cipher suites ...

-- 
J. J. Farrell
Not speaking for Oracle

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170726/86f70f56/attachment.html>


More information about the openssl-users mailing list