[EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

Tomas Mraz tmraz at redhat.com
Tue Sep 8 17:57:10 UTC 2020


On Tue, 2020-09-08 at 17:39 +0000, Yury Mazin via openssl-users wrote:
> Hello,
> 
> I have a question based on the response provided to me:
> 
> My question is why the following openssl commands (version 1.1.1f)
> return those TLSv1.3 ciphers as offering no authentication and no
> encryption?

What do you mean by no authentication and no encryption? The encryption
is provided as you can see with the Enc=.... value. And authentication
is provided as well because Au=any applies here, meaning any
authentication method available in the TLS-1.3 protocol.

As it was explained before, the cipher string does not apply to TLS-1.3
ciphersuites so it does not matter if you put NULL, eNULL, aNULL or
anything else as the last parameter of the ciphers command.


> Yury
> From: openssl-users <openssl-users-bounces at openssl.org> on behalf of
> Viktor Dukhovni <openssl-users at dukhovni.org>
> Sent: Friday, September 4, 2020 12:10 PM
> To: openssl-users at openssl.org <openssl-users at openssl.org>
> Subject: Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl
> -cipher aNULL option
>  
> On Fri, Sep 04, 2020 at 07:00:01PM +0000, Yury Mazin via openssl-
> users wrote:
> 
> > Thank you Benjamin,
> > 
> > According to OpenSSL , aNULL stands for no-authentication.
> 
> Specifically, SSL 3.0 through TLS 1.2 ciphers in which the server and
> client exchange no certificates, and the TLS handshake consists largely
> of an unsigned anonymous ephemeral DH or ECDH key exchange.
> 
> TLS 1.3 dropped support for anonymous DH and ECDH.  Server certificates
> are *required*.  And the all-in-one ciphersuites of TLS <= 1.2, are
> replaced with separately negotiated components.  As a result of which,
> in OpenSSL 1.1.1 and later, they are controlled via a different set of
> APIs and command-line options.
> 
> Specifically, in your case, the "-ciphers aNULL" option only applies
> to TLS <= 1.2.
> 
> > Does it mean that all 3 default protocols of TLS 1.3 offer no
> > authentication
> 
> No.  None of them "support no authentication" (which is not even strictly
> true, it is the protocol that does not support "no authentication",
> the TLS 1.3 ciphers are simply silent re certificate algorithm selection),
> but the "-cipher aNULL" is simply not used when TLS 1.3 is negotiated,
> so your question makes incorrect assumptions to reach its tentative
> conclusions.
> 
-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
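The point made in this thread (the cipher string only filters the TLS <= 1.2 suites; the TLS 1.3 suites stay in the list regardless and report Au=any) can be checked without the openssl binary through Python's ssl module, which calls the same SSL_CTX_set_cipher_list underneath. This is an added example, not code from the thread; the probe strings are constructed for the demo, and the result assumes an OpenSSL 1.1.1 or later build with TLS 1.3 enabled.

```python
import ssl

# Constructed probe strings for the demo. "aNULL" is the one discussed in
# the thread; the other two are ordinary TLS <= 1.2 selections.
PROBE_STRINGS = ("DEFAULT", "ECDHE+AESGCM", "aNULL")


def ciphers_by_protocol(cipher_string):
    """Apply a TLS <= 1.2 cipher string and report which suites survive.

    Returns (tls12, tls13): tls12 is the list of suite names the string
    selected; tls13 maps each TLS 1.3 suite name to its auth tag.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Same effect as `openssl ciphers <string>` / SSL_CTX_set_cipher_list:
    # only the TLS 1.2-and-below suites are affected by it.
    ctx.set_ciphers(cipher_string)
    tls12, tls13 = [], {}
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            tls13[c["name"]] = c["auth"]   # "auth-any", i.e. Au=any
        else:
            tls12.append(c["name"])
    return tls12, tls13


def tls13_is_unaffected(strings=PROBE_STRINGS):
    """True if every accepted cipher string yields the same TLS 1.3 set."""
    seen = set()
    for s in strings:
        try:
            _, tls13 = ciphers_by_protocol(s)
        except ssl.SSLError:
            # e.g. aNULL on a build with anonymous ciphers compiled out:
            # no TLS <= 1.2 suite matches, so OpenSSL rejects the string.
            continue
        seen.add(frozenset(tls13))
    return len(seen) == 1


if __name__ == "__main__":
    for s in PROBE_STRINGS:
        try:
            tls12, tls13 = ciphers_by_protocol(s)
        except ssl.SSLError as e:
            print(f"{s!r}: rejected ({e})")
            continue
        print(f"{s!r}: {len(tls12)} TLS<=1.2 suites, TLS 1.3: {tls13}")
    print("TLS 1.3 suites unchanged across strings:", tls13_is_unaffected())
```

Running it shows the TLS <= 1.2 list shrinking or growing with each string while the TLS 1.3 entries stay identical, which is exactly why `-cipher aNULL` tells you nothing about TLS 1.3 authentication.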