Hi, I think I've spotted a bug in openssl's handling of ciphersuites, but I'm not entirely sure if I'm doing it right.
When using just about any cipher suite string, I never get any TLS 1.1 cipher suites. E.g. lets assume I want a pretty strong selection of cipher suites and don't want to support any SSLv2/3, I could do: openssl ciphers -v '!SSLv3:!SSLv2:HIGH:MEDIUM:!LOW' It gives me only ciphers with TLSv1.2 listed. However, at least some of them should be supported within TLSv1.1. Doesn't openssl support a single cipher suite that can be used with TLSv1.1 and that doesn't require TLS 1.2? Or what would be the correct ciphersuite string? I think what's happening here is that !sslv3 disables all cipher suites that are part of sslv3, including those that are still supported by tlsv1.1. However, I'm unsure if that's the intended behaviour. cu, -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/
signature.asc
Description: PGP signature