cipherlist with only tlsv1.3 ciphers reports error?

PGNet Dev pgnet.dev at gmail.com
Fri Jul 19 17:38:19 UTC 2019


I suspect I've misunderstood usage of TLSv1.3 @

    https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/

Checking cipherlist for just TLSv1.3 ciphers FAILs here,

	openssl ciphers  -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
		Error in cipher list

but works if I add, e.g., 'ECDHE' group to the list

	openssl ciphers  -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE'
	          0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
	          0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
	          0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
	          ...

Why doesn't the 1st attempt, without the group added, work?



More information about the openssl-users mailing list