[openssl-users] Does openssl server always choose highest TLS version offered?

Jakob Bohm jb-openssl at wisemo.com
Mon Nov 9 13:47:49 UTC 2015

On 08/11/2015 00:04, Matt Caswell wrote:
> On 07/11/15 02:54, Viktor Dukhovni wrote:
>> On Fri, Nov 06, 2015 at 11:58:44PM +0000, Matt Caswell wrote:
>>> OpenSSL selects the version it is going to use regardless of the
>>> available ciphersuites. Only after selecting its version will the server
>>> select the ciphersuite to use. If there aren't any compatible with the
>>> selected version then it will fail with a "no shared cipher" error.
>> Will we always do that.  I am not confident we can promise this,
>> but this is not at present about to change.
> I think it is very unlikely to change for the currently available
> released versions - and it is the behaviour of those versions that I am
> describing. It could possibly change for future versions (as could
> anything) - although I'm not aware of any plans to do so.
I have seen rumors (nothing reliable) that the TLS WG is proposing
to disable a whole lot of good cipher suites in TLS 1.3.  If this
happens in the final spec, then some lists of enabled ciphers would
make TLS 1.2 the most secure choice even though TLS 1.3 is the
highest shared version.

More specifically, they seem to deprecate the suites that use
separate MAC and CRYPT keys in favor of AEAD suites that are
designed very close to the margins of being secure.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151109/fdd495b8/attachment.html>

More information about the openssl-users mailing list