Thank You so much, Jacob Regards, Vishnu Raju.
On Thu, Dec 1, 2016 at 5:56 PM, Jakob Bohm <jb-open...@wisemo.com> wrote: > On 01/12/2016 08:49, vishnu raju wrote: > >> Hi all, >> I am getting connection success in a tls1.2 connection with Des-Cbc-sha >> cipher. But upto my knowledge this cipher is depreciated on tls1.2. >> Thanks for your help. >> >> It is not disabled, just scheduled for future disabling as far > as the TLS 1.2 standard/RFC is concerned. > > In OpenSSL its use is controlled by the "cipher list" setting, > which is a runtime setting made by the client and server software. > > For single-DES (not triple DES), this would indicate that both ends > are configured insecurely since single DES has been considered weak > almost since the invention of SSL/TLS. > > For Triple-DES (DES3), some recent OpenSSL versions reclassified it > to a lower grade because of the well-known (since the beginning) > danger of encrypting too much data with a single key, a danger that > was recently highlighted under the name SWEET32. Triple DES can > be enabled or disabled via an appropriate "cipher list" setting > regardless of OpenSSL version. > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
