On 7/20/19 8:17 AM, Viktor Dukhovni wrote:
On Sat, Jul 20, 2019 at 07:35:49AM -0700, PGNet Dev wrote:Checking cipherlist for just TLSv1.3 ciphers FAILs here, openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384' Error in cipher listThis is expected. Try: openssl ciphers -tls1_3 -stdname -s -V -ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256' 'aNULL'TLS 1.3 cipher code points are fundamentally different from TLS 1.0–1.2
Thanks, mostly clear now.
You've just not read the documentation carefully.
You're possibly making some not-necessarily valid assumptions about who's read what, with what level of 'care', and the clarity of the written documents ...
