> From: owner-openssl-users On Behalf Of Viktor Dukhovni
> Sent: Friday, November 01, 2013 18:12

<snip: differences between>
> > >     $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA
> > >     DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
> > >
> > >     $ openssl ciphers -v AES128-SHA256
> > >     AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
> > >
> > >Does your application need to perform faster, offer forward-secrecy, be
> > >most interoperable, ... ?
> >
> > these were the result of using 2 different browsers with the same SSL
> > website ...
> > (1) an old Firefox
> > (2) the latest IE - IE11 on Win 8.1
> >
Different browsers (or sometimes versions) offer different lists 
of supported cipher suites, in different orders. In some cases 
the same browser can be reconfigured to offer different suites;
Firefox in particular can do this in about:config. I don't know about 
Windows/IE but it wouldn't surprise me at all if there's a registry hack.

Some servers, and particularly OpenSSL and thus Apache by default 
(unless you configure HonorCipherOrder), will agree the first suite 
in client preference order that the server supports. In practice this 
tends to be the first one, or in the first few, of the client preferences.

Firefox is the only client I know that prefers Camellia to AES at the same 
strength, and thus tends to get a Camellia suite from a server that 
supports them, as OpenSSL and thus Apache do unless disabled.

> > https://ssl.mathemainzel.info/info/
> > you can try your browser ...
> >
> > how would I define forward-secrecy on Apache webserver?
> 
> If the server negotiated both ciphers, it already supports
> forward-secrecy (aka PFS) if the client does too.
> 
Not necessarily. In principle either end could implement and be configured 
to support each PFS suite individually; even if both ends support some PFS 
suite or suites, they may not intersect and allow an actual PFS session.
In practice this mostly breaks down by auth&kx; there would be no sensible 
reason to exclude an implementable suite that is otherwise strong enough.
In particular IE/Windows through the latest I have (IE9/Seven) supports 
DHE-DSS but not DHE-RSA. If an OpenSSL server has RSA key&cert, and 
dh_tmp but not ecdh_tmp params, it supports DHE-RSA but not DHE-DSS.
That means both ends "support" PFS, but they still can't negotiate it.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
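
The selection behaviour discussed in this message, as an added Python sketch that is not part of the original post and is not OpenSSL's code: it parses lines in the `openssl ciphers -v` format quoted above, picks the first common suite in client or server preference order, and shows that both ends can offer a PFS suite while the negotiated one is not PFS. The client and server suite lists are constructed for illustration, and `is_pfs` assumes ephemeral key exchange is printed as exactly `Kx=DH` or `Kx=ECDH`.

```python
# Constructed sample lines in the `openssl ciphers -v` format quoted in the thread.
CIPHERS_V = """\
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""

def parse_ciphers_v(text):
    """Map suite name -> {'Kx': ..., 'Au': ..., 'Enc': ..., 'Mac': ...}."""
    suites = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # not a suite line
        # fields[0] is the name, fields[1] the protocol, the rest are key=value
        suites[fields[0]] = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    return suites

SUITES = parse_ciphers_v(CIPHERS_V)

def is_pfs(name):
    # Assumption: ephemeral DH/ECDH is printed as exactly Kx=DH or Kx=ECDH.
    return SUITES[name]["Kx"] in ("DH", "ECDH")

def negotiate(client_offer, server_supported, server_order=False):
    """First common suite, walking the client's list by default, or the
    server's list when server preference is enforced."""
    walk, other = ((server_supported, client_offer) if server_order
                   else (client_offer, server_supported))
    return next((s for s in walk if s in other), None)

def pfs_report(client_offer, server_supported, server_order=False):
    """(client offers PFS, server supports PFS, chosen suite, chosen is PFS)."""
    chosen = negotiate(client_offer, server_supported, server_order)
    return (any(is_pfs(s) for s in client_offer),
            any(is_pfs(s) for s in server_supported),
            chosen,
            chosen is not None and is_pfs(chosen))

# Constructed preference lists (not captured from real browsers or servers).
CLIENT_A = ["DHE-RSA-CAMELLIA256-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]
CLIENT_B = ["AES128-SHA256", "AES128-SHA", "DHE-DSS-AES128-SHA"]  # DHE-DSS only
SERVER = ["DHE-RSA-AES128-SHA", "DHE-RSA-CAMELLIA256-SHA",
          "AES128-SHA256", "AES128-SHA"]  # RSA key and cert, DH params

if __name__ == "__main__":
    for label, offer in (("client A", CLIENT_A), ("client B", CLIENT_B)):
        print(label, pfs_report(offer, SERVER))
```

For client B the report has both "offers PFS" flags true and the final flag false, which is the non-intersecting case described in the message.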
