[openssl-users] stronger Kex
mlrx
openssl.org at 18informatique.com
Wed Dec 21 15:07:06 UTC 2016
Hello,
I have two servers for testing purpose :
- debian 6, apache 2.2, openssl 1.0.1t (mutu)
- centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated)
Now, these 2 serveurs offers only those ciphers :
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
I have two goals. First, I would like to use at least secp384r1
and second (no problem), use an ECC certificate.
Is it possible to do it with CHACHA20-POLY1305 ?
Is it possible to use this cipher on those servers ?
openssl ciphers -V CHACHA20 return an error on each server.
I understand it's because there is no chacha20 cipher (?).
Why can I connect a server by SSH with chacha20-poly1305 at openssh.com
and not using it with Apache ?
All advices are welcome :-).
Best regards,
--
benoist
More information about the openssl-users
mailing list