> Where do you find the definition of cipher settings: all, insecure,
> default, etc? The "man tls_config_set_ciphers" mentions them but
> doesn't define them. Neither does "man openssl".
>
> "TLSv1.2:ECDHE-RSA-AES256-SHA384:256" looks reasonably modern, why is
> it not part of "ciphers secure"?

Looking at https://github.com/openbsd/src/blob/master/lib/libtls/tls_internal.h#L35 default/secure maps to "TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE", so only the AEAD and PFS ciphers from tls1.2 (all tls1.3 ciphers do AEAD and PFS).

AEAD does encryption and mac in one go, thus avoiding potential future padding oracle attacks. PFS ensures that a future leak of the certificate key does not compromise previous sessions.

The cipher of your peer does no AEAD and is therefore rejected. You can use "ciphers compat" to accept it.

> Steve
>

Kind regards,
Thomas
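
The AEAD and PFS criteria from the reply above, as an added example that is not part of the original thread and is not libtls code. It classifies TLS 1.2 suites from their OpenSSL-style names only (a name-based approximation; the function names and the sample list are constructed for illustration).

```python
# Added example, not libtls code: approximates the TLS 1.2 part of the
# "secure" selection (AEAD + ECDHE/DHE) from OpenSSL-style suite names.

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20-POLY1305")  # combined encrypt+MAC modes
PFS_PREFIXES = ("ECDHE-", "DHE-")                   # authenticated ephemeral key exchange


def classify(suite):
    """Derive the two properties the reply names from a TLS 1.2 suite name."""
    name = suite.upper()
    aead = any(marker in name for marker in AEAD_MARKERS)
    pfs = name.startswith(PFS_PREFIXES)
    # In a non-AEAD suite the trailing hash is a separate HMAC over the record;
    # in an AEAD suite the same position only names the PRF hash.
    trailing = name.rsplit("-", 1)[-1]
    mac = "AEAD" if aead else "HMAC-" + trailing
    return {"suite": suite, "aead": aead, "pfs": pfs, "mac": mac}


def secure_verdict(suite):
    """Return (accepted, reason) under the AEAD + PFS rule."""
    info = classify(suite)
    if not info["pfs"]:
        return False, "no ephemeral (EC)DHE key exchange"
    if not info["aead"]:
        return False, "not AEAD (separate %s)" % info["mac"]
    return True, "AEAD with (EC)DHE"


# Constructed sample: the peer's suite from the thread plus three contrasts.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-SHA384",      # the suite asked about: CBC + HMAC-SHA384
    "ECDHE-RSA-AES256-GCM-SHA384",  # same key exchange and key size, AEAD mode
    "DHE-RSA-CHACHA20-POLY1305",    # AEAD with finite-field DHE
    "AES256-GCM-SHA384",            # AEAD, but RSA key transport (no PFS)
]

if __name__ == "__main__":
    for s in SAMPLE_SUITES:
        ok, why = secure_verdict(s)
        print("%-30s %-8s %s" % (s, "accept" if ok else "reject", why))
```
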