> From: owner-openssl-users On Behalf Of Vladimir Belov
> Sent: Monday, December 23, 2013 23:13

> And just one question. Is there any possibility to set different
> cipher suites for different versions of TLS?
> 
Certainly not released.

> For example, I want to exclude RC4 cipher suites wholly for TLS 1.2/1.1
> and leave them only for <=TLS 1.0. The reason is the same BEAST.
> But if we have only one string with cipher suites we can't do this
> because we need RC4 for TLS 1.0 and lower.
> 
Someone else had a similar request about a month back
https://groups.google.com/forum/#!msg/mailing.openssl.users/Jfxpma2a_jw/zRqW2S8xFfYJ
(note I answered about "see" but the real question turned out to be "say").
You could look at the repository to see if anything came of it.

You might be able to work around at the application level.
For example an HTTPS server could check if an accepted
connection is RC4 and >=TLS1.1 or (sometimes simpler) if
a request is on such a connection, and if so redirect the
request(s) to an alternate port or address, or maybe SNI,
that is configured for >=TLS1.1 and not RC4.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
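
The application-level check suggested in the reply above, as an added sketch that is not part of the original message or of OpenSSL: the server inspects what was negotiated and, for RC4 on TLS 1.1 or later, answers with a redirect to a listener configured without RC4. The function names, the 307 status, the host `www.example.com` and port 8443 are assumptions; host and port are meant to be server-configured values, and the version and cipher name are what `SSL_version()` and `SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))` return.

```c
#include <stdio.h>
#include <string.h>

/* Values returned by OpenSSL's SSL_version(): 0x0301 = TLS 1.0,
 * 0x0302 = TLS 1.1, 0x0303 = TLS 1.2. Defined here so the sketch
 * builds without the OpenSSL headers. */
#define VER_TLS1_1 0x0302

/* Hypothetical policy check: RC4 is tolerated only up to TLS 1.0.
 * version comes from SSL_version(ssl); cipher_name from
 * SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)), e.g. "RC4-SHA". */
int must_redirect(int version, const char *cipher_name)
{
    if ((version >> 8) != 0x03)        /* not SSL3/TLS (e.g. DTLS) */
        return 0;
    if (cipher_name == NULL || strstr(cipher_name, "RC4") == NULL)
        return 0;
    return version >= VER_TLS1_1;
}

/* Hypothetical helper: writes a redirect to the RC4-free listener.
 * Returns bytes written, 0 if no redirect is needed, -1 on bad input. */
int build_redirect(char *out, size_t outlen, int version,
                   const char *cipher_name, const char *host,
                   unsigned alt_port, const char *path)
{
    int n;
    if (!must_redirect(version, cipher_name))
        return 0;
    /* Origin-form path only, no CR/LF: the Location header must not
     * be steerable to another host or split into extra headers. */
    if (host == NULL || path == NULL || path[0] != '/' || path[1] == '/'
        || strpbrk(path, "\r\n") || strpbrk(host, "\r\n"))
        return -1;
    n = snprintf(out, outlen,
                 "HTTP/1.1 307 Temporary Redirect\r\n"
                 "Location: https://%s:%u%s\r\n"
                 "Content-Length: 0\r\nConnection: close\r\n\r\n",
                 host, alt_port, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[256];   /* constructed sample: TLS 1.2 with RC4-SHA */
    if (build_redirect(buf, sizeof buf, 0x0303, "RC4-SHA",
                       "www.example.com", 8443, "/index.html") > 0)
        fputs(buf, stdout);
    return 0;
}
```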
