cipherlist with only tlsv1.3 ciphers reports error?

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Jul 19 19:25:52 UTC 2019


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> PGNet Dev
> Sent: Friday, July 19, 2019 11:38
>
> Checking cipherlist for just TLSv1.3 ciphers FAILs here,
>
>       openssl ciphers  -stdname -s -V 'TTLS13-CHACHA20-POLY1305-
> SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
>               Error in cipher list

Works for me:

-----
$ openssl ciphers  -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
          0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
          0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD

$ openssl version -f -p
OpenSSL 1.1.1  11 Sep 2018
platform: VC-WIN64A
compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_NO_AUTOLOAD_CONFIG
-----

Different OpenSSL release? (This particular openssl.exe executable is a bit old, obviously; I haven't bothered to update the one on this machine in a while.) Difference in build configuration? Configuration file difference?

--
Michael Wojcik
Distinguished Engineer, Micro Focus




More information about the openssl-users mailing list