May be my email subject is a little confusing. I'll put my question directly.
If I configure my server with the string "HIGH+TLSv1.2:!MD5:!SHA1",
will it support 3DES?
On Wed, Aug 9, 2017 at 11:45 PM, Viktor Dukhovni
wrote:
> On Wed, Aug 09, 2017 at 04:07:30PM +,
> May be my email subject is a little confusing. I'll put my question directly.
>
> If I configure my server with the string "HIGH+TLSv1.2:!MD5:!SHA1", will it
> support 3DES?
No, as I showed.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From [this][1] link I can see that TLS1.2 does not have 3DES in their
> available
> cipher list. So I guess it does not support?
Right:
; ./apps/openssl ciphers -v HIGH+TLSv1.2:!MD5:!SHA1 | grep DES
; ./apps/openssl ciphers -v TLSv1.2:!MD5:!SHA1 | grep DES
; ./apps/openssl ciphers -v TLSv1.2
On Wed, Aug 09, 2017 at 04:07:30PM +, Salz, Rich via openssl-users wrote:
> > From [this][1] link I can see that TLS1.2 does not have 3DES in their
> > available
> > cipher list. So I guess it does not support?
>
> Right:
>
> ; ./apps/openssl ciphers -v HIGH+TLSv1.2:!MD5:!SHA1 | grep DES
>
On Mon, Aug 07, 2017, Daniel Andrade wrote:
> Hi all,
>
> I'm writing functions to create a digest of a data buffer using
> ECDSA+SHA256. I've been trying to work with only the high-level EVP
> interface, and not use the low-level interfaces.
>
> My understanding is that the resulting digest is
Hi,
I wanted to know if I configure my openssl server to explicitly use
TLSv1.2, the do I have to also mention not to use 3DES (by adding
"!3DES" to the string), or the expicit use of TLSv1.2 remove the
support of 3DES.
>From [this][1] link I can see that TLS1.2 does not have 3DES in their
I want to build a PKI structure of a root CA, intermediate CA(s), and
user and server certs. So I went looking for some guidance and found:
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
Anything else out there?
The certs will all be ECDSA, P256 SHA256.
https://www.openssl.org/~rsalz/pki.tgz but only a root and end-entity. Adding
an intermediate should not be incredible difficult :)
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Thanks Rich, I will take a look at this also.
Bob
On 08/09/2017 09:49 AM, Salz, Rich via openssl-users wrote:
https://www.openssl.org/~rsalz/pki.tgz but only a root and end-entity. Adding
an intermediate should not be incredible difficult :)
--
openssl-users mailing list
To unsubscribe: