On 14/02/18 16:27, Richard Moore wrote:
> If I run the following:
>  openssl-1.1.1pre1 ciphers -tls1_3 -v

The man page says this about the "-tls1_3" option:

"In combination with the B<-s> option, list the ciphers which would be
used if TLSv1.3 were negotiated."

So you need to add "-s". If you do that then you only get the TLSv1.3
ciphers. It's a little strange that the option is ignored if no -s is
supplied (you might think supplying -tls1_3 would automatically imply
-s). But that is the way that all the -tls* options work, so this is
nothing new in 1.1.1.


> Then I get lots of ciphers, for example AES128-SHA however the latest
> draft TLS 1.3 RFC states:
> The list of supported symmetric algorithms has been pruned of all
> algorithms that are considered legacy. Those that remain all use
> Authenticated Encryption with Associated Data (AEAD) algorithms.
> This suggests that the ciphers command isn't working as intended. Should
> I file an issue in github?
> Cheers
> Rich.
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to