Relationship between TLS 1.3 ciphers and earlier ciphers
Jordan Brown
openssl at jordan.maileater.net
Tue May 23 19:00:13 UTC 2023
Our application has a user interface that shows you all of the available
ciphers, and lets you select and deselect individual ciphers. (It does
*not* allow for pattern matching.)
We're working on supporting TLS 1.3. In OpenSSL, that introduces new
functions SSL_set_ciphersuites() and SSL_CTX_set_ciphersuites(). We're
trying to understand how that relates to the previous functions
SSL_set_cipher_list() and SSL_CTX_set_cipher_list(). It would be *nice*
to be able to treat all cipher selection for all versions the same.
Experimentally, based on the behavior of "openssl ciphers" and its
-ciphersuites, it appears that the new function accepts all cipher
names, as long as you use the IANA TLS_* form of the name. Source
inspection suggests that -ciphersuites is implemented directly atop
SSL_CTX_set_ciphersuites().
It *appears* that the behavior is that the explicit list of IANA-named
ciphers supplied with the "set_ciphersuites" functions is unioned with
the pattern-matched list of older ciphers supplied through the old
functions.
Consider that I appear to be able to select an old cipher using the new
option (and thus the new function):
$ openssl ciphers -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA \!ALL
AES256-SHA
Is this an intended feature?
--
Jordan Brown, Oracle
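A practical way to try the "treat all versions the same" idea from the post, added here as an example rather than anything from the original message or from OpenSSL's own tooling: keep the UI's selection as IANA TLS_* names, translate them with `openssl ciphers -stdname`, feed the TLS 1.3 suites to -ciphersuites (SSL_CTX_set_ciphersuites) and the rest, as OpenSSL names, to the positional cipher list (SSL_CTX_set_cipher_list), then print the combined list OpenSSL ends up with. It assumes an `openssl` binary (1.1.1 or 3.x) on PATH whose `ciphers -stdname` output starts each line with the IANA name, a `-` and the OpenSSL name; it also assumes that a suite whose OpenSSL name equals its IANA name is a TLS 1.3 suite, which is how OpenSSL names them. All function names are this script's own. It goes beyond the single cipher in the post by handling a mixed selection of TLS 1.3 and pre-1.3 names in one call.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenSSL itself.
# Assumes an `openssl` binary (1.1.1 or 3.x) on PATH and that
# `openssl ciphers -stdname` prints one "<IANA name> - <OpenSSL name> ..." line
# per cipher.  The function names below are this script's own.

# Print "<IANA name> <OpenSSL name>" for every cipher this OpenSSL build knows.
cipher_table() {
    openssl ciphers -stdname 'ALL:COMPLEMENTOFALL' | awk '{ print $1, $3 }'
}

# Translate one IANA TLS_* name to the OpenSSL name; prints nothing if unknown.
openssl_name() {
    cipher_table | awk -v want="$1" '$1 == want { print $2; exit }'
}

# Assumption: OpenSSL's own name for a TLS 1.3 suite is identical to the IANA
# name (TLS_AES_128_GCM_SHA256, ...), while every pre-1.3 cipher has a
# hyphenated OpenSSL name, so name equality identifies the TLS 1.3 suites.
is_tls13_suite() {
    [ "$(openssl_name "$1")" = "$1" ]
}

# Split a selection of IANA names (the form a checkbox UI would hold) into the
# two strings the two OpenSSL calls want: line 1 is the TLS 1.3 list for
# SSL_CTX_set_ciphersuites(), line 2 the OpenSSL-name list for
# SSL_CTX_set_cipher_list().  Fails on a name this build does not know.
split_selection() {
    suites=''
    list=''
    for iana in "$@"; do
        name=$(openssl_name "$iana")
        if [ -z "$name" ]; then
            echo "unknown cipher: $iana" >&2
            return 1
        elif [ "$name" = "$iana" ]; then
            suites="${suites:+$suites:}$name"
        else
            list="${list:+$list:}$name"
        fi
    done
    printf '%s\n%s\n' "$suites" "$list"
}

# Show the list OpenSSL actually ends up with after both calls.  The CLI's
# -ciphersuites option maps to SSL_CTX_set_ciphersuites() and the positional
# argument to SSL_CTX_set_cipher_list(); an empty -ciphersuites string is
# documented as permissible, and '!ALL' empties the pre-1.3 side the same way
# the post's own experiment does.
effective_ciphers() {
    out=$(split_selection "$@") || return 1
    suites=$(printf '%s\n' "$out" | sed -n 1p)
    list=$(printf '%s\n' "$out" | sed -n 2p)
    [ -n "$suites$list" ] || return 0
    openssl ciphers -ciphersuites "$suites" "${list:-!ALL}"
}

# Example: a UI selection mixing one TLS 1.3 suite and one TLS 1.2 cipher.
effective_ciphers TLS_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```

Routing the names through -stdname rather than through -ciphersuites is deliberate: it does not rely on SSL_CTX_set_ciphersuites() accepting pre-1.3 names, which is exactly the behaviour the post is asking about and which a future OpenSSL release might not keep. The output shows the TLS 1.3 suites first and then the pre-1.3 ciphers, which is the union described in the post.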