cipherlist with only tlsv1.3 ciphers reports error?
PGNet Dev
pgnet.dev at gmail.com
Fri Jul 19 17:38:19 UTC 2019
I suspect I've misunderstood usage of TLSv1.3 @
https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/
Checking cipherlist for just TLSv1.3 ciphers FAILs here,
openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
Error in cipher list
but works if I add, e.g., 'ECDHE' group to the list
openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE'
0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
...
Why doesn't the 1st attempt, without the group added, work?
More information about the openssl-users
mailing list