[openssl-dev] [openssl.org #4497] openssl ciphers app possible bug
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Apr 2 18:36:44 UTC 2016
> On Apr 2, 2016, at 10:05 AM, Daniel Gruszczyk via RT <rt at openssl.org> wrote:
>
> Hi,I was playing with a ciphers app to create example list of suites. Looking at the website (https://openssl.org/docs/manmaster/apps/ciphers.html) if I run one of the examples there:
> openssl ciphers -v '3DES:+RSA'I supposed to get a list of 3DES ciphers with any RSA ones at the end of the list (if I can read correctly).
You're forgetting about the distinction between "kRSA" and "aRSA".
The "RSA" cipher string is a synonym for "kRSA" (RSA key exchange),
not "aRSA" (RSA authentication).
This documented in ciphers(1):
kRSA, RSA
cipher suites using RSA key exchange.
...
aRSA
cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
--
Viktor.
More information about the openssl-dev
mailing list