[openssl-users] How to sort cipher list by ephemeral/non-ephemeral?
Salz, Rich
rsalz at akamai.com
Mon Nov 7 17:29:49 UTC 2016
You can't do it with keywords. Be explicit about what you want and put it in the order you want. That way you will not be surprised when the expansion of a keyword changes.
>From your list, ECDHE first, then decide RSA/ECDSA. Then AES-GCM. Why do you care about sha384 vs 256? Do you really need camellia-only?
And @STRENGTH is a hack, looking at only one factor.
Here is a real-world example (this ignores some of my advice)
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:AES256-GCM-SHA384:
AES256-SHA256:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richsalz at jabber.at Twitter: RichSalz
More information about the openssl-users
mailing list