On Saturday 09 May 2015 18:22:52 Benny Baumann via RT wrote:
> Hi,
>
> as the normal specification of cipher strings can be somewhat clumsy to
> use from time to time it would be nice if one could use the raw ID of a
> cipher (with all the usual operators):
>
> ALL:!0x00c012
> Allow everything except TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
>
> HIGH:-AES:+0x00c030
> Allow all HIGH secure ciphers except AES, but explicitly include
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

"+" operator doesn't add a cipher, it moves matching ones to end of list

> AES256:-0xc030:+AES+GCM
> Allow AES256, but (soft-)exclude TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> if it's not in the AESGCM ciphers list.

again, you're describing what would happen with AES256:-0xc030:AES+GCM

> Additionally it would be awesome if one could simply use the names as
> they appear in the RFCs ;-)

that would make the strings longer, wouldn't it? :)

master has support for printing the IETF/IANA names, see -stdname options to
ciphers subcommand...

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
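The difference between the "+" operator and a plain term, discussed in the reply above, can be checked against a local OpenSSL build. This is an added example, not part of the original e-mail; it assumes Python's `ssl` module is linked against OpenSSL, and because raw cipher IDs are only the proposed feature it uses the OpenSSL name `ECDHE-RSA-AES256-GCM-SHA384` for 0xc030 and the `AESGCM` keyword.

```python
import ssl

# Constructed sample target: OpenSSL's name for the suite the thread calls
# TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (raw ID 0xc030).
TARGET = "ECDHE-RSA-AES256-GCM-SHA384"


def expand(cipher_string):
    """Return the ordered TLS <= 1.2 suite names selected by cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately and are not governed by the
    # cipher string, so they are left out of the comparison.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def compare():
    """Evaluate each string once with '+' and once with a plain (adding) term."""
    return {
        # '+' only reorders suites still in the list, so TARGET stays out.
        "plus_after_remove": TARGET in expand("HIGH:-AES:+" + TARGET),
        # A plain term re-adds a suite that '-' removed.
        "plain_after_remove": TARGET in expand("HIGH:-AES:" + TARGET),
        # Same pair for the keyword form of the second example in the thread.
        "plus_group": TARGET in expand("AES256:-" + TARGET + ":+AESGCM"),
        "plain_group": TARGET in expand("AES256:-" + TARGET + ":AESGCM"),
        # With nothing removed, '+' moves the suite to the end of the list.
        "moved_to_end": expand("HIGH:+" + TARGET)[-1] == TARGET,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The plain `AESGCM` term also pulls in the AES-128 GCM suites, so a string written that way widens the list beyond AES256.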
