If they have counterparts in TLS that could be used, why wouldn't
the TLS version show up instead ?
Because they are *the same* TLS did not take old ciphers and renumber or
rename them.
___
openssl-users mailing list
To unsubscribe:
SSLv3 in the ciphersuite definition means it can be used in
SSLv3 *and later*. A ciphersuite isn't defined once for SSLv3,
and then again for TLS1.0, and again for TLS1.1 etc - its just
defined once and is reused across multiple protocol versions.
Yes, this is what I basically understood.
On 28/04/15 13:31, jonetsu wrote:
That refers to the minimum version of the ciphersuite: it
doesn't imply that it will only be used in SSLv3 (which is
disabled in FIPS mode).
Hmmm... I'm sorry but I do not really understand this. Since openssl is
run in FIPS mode, and since SSLv3 is
That refers to the minimum version of the ciphersuite: it
doesn't imply that it will only be used in SSLv3 (which is
disabled in FIPS mode).
Hmmm... I'm sorry but I do not really understand this. Since openssl is
run in FIPS mode, and since SSLv3 is disabled, then why would the SSLv3
ciphers
Hi,
... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode)
https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0
Specifically:
FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL
1.0, SSL
2.0, SSL 3.0, TLS 1.0
FCS_TLSS_EXT.2.2 The TSF shall deny connections
On Fri, Apr 24, 2015, jonetsu wrote:
... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode)
https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0
Specifically:
FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL
1.0, SSL
2.0, SSL 3.0, TLS 1.0
Hello,
In FIPS mode SSL 3.0 is not allowed: that has always been the
case.
% openssl version
OpenSSL 1.0.1f 6 Jan 2014
% OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
ECDHE-RSA-AES256-SHASSLv3
ECDHE-ECDSA-AES256-SHA SSLv3
DHE-RSA-AES256-SHA SSLv3
DHE-DSS-AES256-SHA SSLv3
On Fri, Apr 24, 2015, jonetsu wrote:
Hello,
In FIPS mode SSL 3.0 is not allowed: that has always been the
case.
% openssl version
OpenSSL 1.0.1f 6 Jan 2014
% OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
ECDHE-RSA-AES256-SHASSLv3
ECDHE-ECDSA-AES256-SHA SSLv3