The commandline utility 'ciphers' with the -V option (upper case V) displays
details for each selected suite including the minimum protocol version. The specific case AES128-SHA is SSLv3 or higher. So far the only suites limited to TLSv1.2 are the ones with SHA-2 (SHA256 or SHA384) MAC or with GCM mode. (Note that for some versions of 1.0.1 a bug prevented selecting TLSv1.2 suites as a group. This was fixed but I don't recall exactly when.) From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Salz, Rich Sent: Monday, November 25, 2013 22:04 To: openssl-users@openssl.org Subject: Problem with specifying the CIPHER list Is there a way to see something like AES128-SHA is okay with TLSv1.2, but not with SSLv3? -- Principal Security Engineer Akamai Technology Cambridge, MA