cipherlist with only tlsv1.3 ciphers reports error?
Michael Wojcik
Michael.Wojcik at microfocus.com
Sat Jul 20 16:57:04 UTC 2019
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> Viktor Dukhovni
> Sent: Saturday, July 20, 2019 09:18
>
> > Atm, it's inclear why it's working for Michael Wojcik ... different
> version?
> > something's changed?
>
> I am discounting his report of success. The full set of TLS 1.3
> ciphers is enabled by default. If he did not use the -ciphersuites
> option, he was overriding just the 1.2 code points, and somehow
> managed to ultimately list just the TLS 1.3 code points. He
> also had a typo in the command he posted. It is not pertinent.
Shrug. I copied and pasted the command from PGNet Dev's email, and copied and pasted the result into my email. (I thought "TTLS" was a typo, but when the command worked as presented in the original email, didn't investigate further.) What I posted is nothing more or less than what the openssl executable currently on my system returns for that command.
Clearly that build of 1.1.1 does not work the way you expect.
That said, I'm no longer interested in *why* it doesn't. That's not the OpenSSL build we're shipping in any current product, and the configuration mechanism for the products I'm responsible for works as expected; that is, our tests confirm that the product is enabling both the configured TLSv1.3 suites and the configured pre-1.3 suites, on both client and server sides. I will, of course, save copies of Viktor's notes, since they contain important information about the operation of the ciphers command.
--
Michael Wojcik
Distinguished Engineer, Micro Focus
More information about the openssl-users
mailing list