[openssl-users] Openssl connects with Des-Cbc-sha in tls1. 2

vishnu raju rajuvishnu52 at gmail.com
Fri Dec 2 05:20:52 UTC 2016


Thank You so much, Jacob

Regards,
Vishnu Raju.

On Thu, Dec 1, 2016 at 5:56 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> On 01/12/2016 08:49, vishnu raju wrote:
>
>> Hi all,
>> I am getting connection success in a tls1.2 connection with Des-Cbc-sha
>> cipher.  But upto my knowledge this cipher is depreciated on tls1.2.
>> Thanks for your help.
>>
>> It is not disabled, just scheduled for future disabling as far
> as the TLS 1.2 standard/RFC is concerned.
>
> In OpenSSL its use is controlled by the "cipher list" setting,
> which is a runtime setting made by the client and server software.
>
> For single-DES (not triple DES), this would indicate that both ends
> are configured insecurely since single DES has been considered weak
> almost since the invention of SSL/TLS.
>
> For Triple-DES (DES3), some recent OpenSSL versions reclassified it
> to a lower grade because of the well-known (since the beginning)
> danger of encrypting too much data with a single key, a danger that
> was recently highlighted under the name SWEET32.  Triple DES can
> be enabled or disabled via an appropriate "cipher list" setting
> regardless of OpenSSL version.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161202/fb622a38/attachment-0001.html>


More information about the openssl-users mailing list