cipherlist with only tlsv1.3 ciphers reports error?

Viktor Dukhovni openssl-users at dukhovni.org
Sat Jul 20 15:17:45 UTC 2019


On Sat, Jul 20, 2019 at 07:35:49AM -0700, PGNet Dev wrote:

> >> Checking cipherlist for just TLSv1.3 ciphers FAILs here,
> >>
> >> 	openssl ciphers  -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
> >> 		Error in cipher list
> > 
> > This is expected.  Try:
> > 
> >      openssl ciphers -tls1_3 -stdname -s -V -ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256' 'aNULL'

TLS 1.3 cipher code points are fundamentally different from TLS 1.0–1.2
cipher codepoints.  You can't use any of the former in TLS 1.2 nor any
of the latter in TLS 1.3.  Many users specify a restricted set of TLS
1.2 ciphers, and if there was only one global cipherlist, they would
as a result disable TLS 1.3 entirely.

For the above and related reasons, in OpenSSL 1.1.1 the TLS 1.3 ciphersuite
codepoints are managed separately from the TLS 1.0–1.2 cipher codepoints.

In the ciphers(1) command, the final argument is the desired TLS 1.0–1.2
ciphers, while the "-ciphersuites" option selects the TLS 1.3 code points.

> Can you clarify WHY that's expected?

What's expected is that listing the TLS 1.3 ciphersuite names in
the final argument that specifies TLS 1.2 ciphers will produce an
error (empty set of ciphers).

> Atm, it's unclear why it's working for Michael Wojcik ... different version?
> something's changed?

I am discounting his report of success.  The full set of TLS 1.3
ciphers is enabled by default.  If he did not use the -ciphersuites
option, he was overriding just the 1.2 code points, and somehow
managed to ultimately list just the TLS 1.3 code points.  He
also had a typo in the command he posted.  It is not pertinent.

> And, in webserver ssl_cipher configs, specifying ONLY the tls13 ciphersuites
> fires a config error.  Until I add a group, e.g. ECDHE, as well, to the
> spec.

This is expected.  That "ssl_cipher" setting controls ONLY the TLS 1.2
cipherlist.  To enable only the TLS 1.3 *protocol*, change the settings
that control the protocol versions, not the ciphers.

> If this^^ is 'expected', is that, then, actually an error?

No.  You've just not read the documentation carefully.

-- 
	Viktor.
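The separation Viktor describes is visible from any program that drives libssl, not just the ciphers(1) command. The following added example (not part of the original thread, and not OpenSSL project code) uses Python's standard ssl module, which wraps SSL_CTX_set_cipher_list as SSLContext.set_ciphers() and has no binding for the TLS 1.3 ciphersuite setter. The two cipher strings are constructed for the example. It shows that a cipher string naming only TLS 1.3 suites is rejected with "No cipher can be selected" (the same empty-set error the ciphers command reports), while a TLS 1.2 cipher string such as ECDHE+AESGCM leaves the default TLS 1.3 suites in place, because the TLS 1.3 code points are managed separately and enabled by default.

```python
import ssl

# Constructed sample cipher strings for this example.
TLS13_ONLY = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
TLS12_ONLY = "ECDHE+AESGCM"


def tls13_supported() -> bool:
    """True when the linked libssl (OpenSSL 1.1.1 or later) speaks TLS 1.3."""
    return ssl.HAS_TLSv1_3


def set_cipherlist(cipher_string: str):
    """Apply a cipher string through SSL_CTX_set_cipher_list, which only
    governs the TLS 1.0-1.2 cipherlist.  Returns the configured context,
    or the ssl.SSLError libssl raised when the resulting list was empty."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError as exc:
        return exc
    return ctx


def tls13_only_cipherlist_rejected() -> bool:
    """A cipherlist made only of TLS 1.3 names selects no TLS 1.2 cipher,
    so libssl refuses it; this is the 'Error in cipher list' case."""
    return isinstance(set_cipherlist(TLS13_ONLY), ssl.SSLError)


def suites_by_protocol(cipher_string: str) -> dict:
    """Group the negotiable suites of a context by protocol version.
    With a TLS 1.2-only cipherlist the TLS 1.3 suites are still present,
    because they live in the separate (default-enabled) ciphersuite list."""
    ctx = set_cipherlist(cipher_string)
    if isinstance(ctx, ssl.SSLError):
        raise ctx
    grouped = {}
    for cipher in ctx.get_ciphers():
        grouped.setdefault(cipher["protocol"], []).append(cipher["name"])
    return grouped


if __name__ == "__main__":
    print("TLS 1.3 available:", tls13_supported())
    print("TLS 1.3-only cipherlist rejected:", tls13_only_cipherlist_rejected())
    for proto, names in sorted(suites_by_protocol(TLS12_ONLY).items()):
        print(proto, "->", ", ".join(names))
```

Run it against an OpenSSL 1.1.1+ build and the TLSv1.3 group still lists TLS_AES_256_GCM_SHA384 and friends even though the cipher string asked only for ECDHE+AESGCM; restricting or disabling TLS 1.3 has to be done through the protocol-version settings (minimum_version/maximum_version here, or the web server's protocol directive), exactly as the reply says.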
