On 01/12/2016 08:49, vishnu raju wrote:
Hi all,
I am getting connection success in a TLS 1.2 connection with Des-Cbc-sha cipher. But up to my knowledge this cipher is deprecated on TLS 1.2.
Thanks for your help.

It is not disabled, just scheduled for future disabling as far
as the TLS 1.2 standard/RFC is concerned.

In OpenSSL its use is controlled by the "cipher list" setting,
which is a runtime setting made by the client and server software.

For single-DES (not triple DES), this would indicate that both ends
are configured insecurely since single DES has been considered weak
almost since the invention of SSL/TLS.

For Triple-DES (DES3), some recent OpenSSL versions reclassified it
to a lower grade because of the well-known (since the beginning)
danger of encrypting too much data with a single key, a danger that
was recently highlighted under the name SWEET32.  Triple DES can
be enabled or disabled via an appropriate "cipher list" setting
regardless of OpenSSL version.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
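
The "cipher list" setting described in the reply above can be inspected from Python's standard `ssl` module, which hands the string to OpenSSL unchanged. This is an added example, not part of the original message; `des_family`, `audit_cipher_list`, `HARDENED` and the sample description lines are constructed for illustration, and what `DEFAULT` yields depends on the local OpenSSL build.

```python
import re
import ssl

# SSL_CIPHER_description() lines carry the bulk cipher as "Enc=NAME(bits)".
_ENC = re.compile(r"Enc=([^\s(]+)\((\d+)\)")

def des_family(description):
    """Return 'DES', '3DES' or None for one cipher description line."""
    m = _ENC.search(description)
    if not m:
        return None
    enc = m.group(1).upper()
    return enc if enc in ("DES", "3DES") else None

def audit_cipher_list(cipher_list):
    """Apply a cipher list string; return the DES/3DES suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        # This OpenSSL build has no suite matching the string at all.
        return []
    found = []
    for c in ctx.get_ciphers():
        family = des_family(c["description"])
        if family:
            found.append((c["name"], family))
    return found

# Assumed hardened setting: explicitly excludes single DES and Triple DES.
HARDENED = "HIGH:!aNULL:!eNULL:!DES:!3DES"

# Constructed sample lines in the format OpenSSL prints for each suite.
SAMPLE_DESCRIPTIONS = [
    "DES-CBC-SHA   SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1",
    "DES-CBC3-SHA  SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1",
    "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD",
]

if __name__ == "__main__":
    for line in SAMPLE_DESCRIPTIONS:
        print(line.split()[0], "->", des_family(line))
    for setting in ("DEFAULT", "3DES", HARDENED):
        print(setting, "->", audit_cipher_list(setting))
```

An empty result for a given setting means that this end will not offer or accept DES or Triple DES suites under that cipher list; the peer's own cipher list is checked separately.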
