[openssl-users] Openssl connects with Des-Cbc-sha in tls1. 2
rajuvishnu52 at gmail.com
Fri Dec 2 05:20:52 UTC 2016
Thank You so much, Jacob
On Thu, Dec 1, 2016 at 5:56 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 01/12/2016 08:49, vishnu raju wrote:
>> Hi all,
>> I am getting connection success in a tls1.2 connection with Des-Cbc-sha
>> cipher. But upto my knowledge this cipher is depreciated on tls1.2.
>> Thanks for your help.
>> It is not disabled, just scheduled for future disabling as far
> as the TLS 1.2 standard/RFC is concerned.
> In OpenSSL its use is controlled by the "cipher list" setting,
> which is a runtime setting made by the client and server software.
> For single-DES (not triple DES), this would indicate that both ends
> are configured insecurely since single DES has been considered weak
> almost since the invention of SSL/TLS.
> For Triple-DES (DES3), some recent OpenSSL versions reclassified it
> to a lower grade because of the well-known (since the beginning)
> danger of encrypting too much data with a single key, a danger that
> was recently highlighted under the name SWEET32. Triple DES can
> be enabled or disabled via an appropriate "cipher list" setting
> regardless of OpenSSL version.
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users