openssl ciphers

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jul 21 04:31:41 UTC 2021


On Tue, Jul 20, 2021 at 11:47:25PM -0300, Webstrucs wrote:

> I needed to generate a cipher to insert as a parameter in a python function
> context = ssl.SSLContext.set_ciphers(ciphers), what I'm finding strange
> would be the generated size. My question would be if I should insert the
> entire cipher generated by the openssl ciphers -tls1_2 command that
> resulted in a cipher of more than 15 lines inside the parameter (ciphers) ?

With OpenSSL 1.1.x and later the sensible cipher suite to use is
"DEFAULT".  This is also what you get when you skip setting the ciphers.
Many HOWTO guides recommend all kinds of explicit tweaks to make the
cipherlist match the latest fad.  They're almost always misguided.

All supported OpenSSL versions ship with reasonable general purpose
ciphers, and more harm than good is achieved by trying to fine-tune
these.

-- 
    Viktor.
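
An added example, not part of the original message: a Python sketch that expands a cipher string the way `ssl.SSLContext.set_ciphers()` sees it and compares "DEFAULT" with a context where `set_ciphers()` is never called. The comparison is computed rather than assumed, because a Python build may apply its own default string; the helper names and the `PINNED` sample are constructed for illustration.

```python
import ssl

def enabled_suites(cipher_string=None):
    """Suite names a TLS client context offers for the given cipher string.

    cipher_string=None means set_ciphers() is never called.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cipher_string is not None:
        # The argument is one string: names or keywords separated by ':'.
        ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

def compare(left=None, right="DEFAULT"):
    """Return (only_in_left, only_in_right) as sorted lists of suite names."""
    a, b = set(enabled_suites(left)), set(enabled_suites(right))
    return sorted(a - b), sorted(b - a)

def unauthenticated_or_unencrypted(names):
    """Anonymous (ADH/AECDH) or NULL-encryption suites found in names."""
    return [n for n in names
            if "NULL" in n or n.startswith(("ADH-", "AECDH-"))]

# Constructed sample of a hand-pinned list; the second name is not a real suite.
PINNED = "ECDHE-RSA-AES128-GCM-SHA256:NOT-A-REAL-SUITE"

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    default = enabled_suites("DEFAULT")
    print(len(default), "suites enabled by DEFAULT")
    print("weak suites in DEFAULT:", unauthenticated_or_unencrypted(default))
    only_untouched, only_default = compare(None, "DEFAULT")
    print("only when set_ciphers() is skipped:", only_untouched)
    print("only with DEFAULT:", only_default)
    # Unknown names in a pinned list are dropped without an error.
    print("pinned list expands to:", enabled_suites(PINNED))
    try:
        # A string that selects nothing usable is rejected outright.
        enabled_suites("NOT-A-REAL-SUITE")
    except ssl.SSLError as exc:
        print("rejected:", exc)
```
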

