On Wed, Aug 2, 2017, at 12:26 AM, Viktor Dukhovni wrote:
> For the record, that "!aDSA" should have been "!aDSS", though it
> makes little difference in this example as no DSA (aka DSS) CHACHA
> algorithms exist and none are likely to ever be added.
>
> You can check with "openssl ciphers -v aDSS" vs. "openssl ciphers -v aDSA".

Thanks.

In my 'Phase 1', before turning up the TLS requirements I'll need, I'm just paying attention to an existing server's TLS usage,

  22888 ECDHE-RSA-AES256-GCM-SHA384
  11050 ADH-AES256-GCM-SHA384
   3786 DHE-RSA-AES256-SHA
   2312 ECDHE-RSA-AES256-SHA384
   2304 AECDH-AES256-SHA
   2296 ECDHE-RSA-CHACHA20-POLY1305
   2265 ECDHE-RSA-AES256-SHA
   1120 ADH-AES256-SHA
    885 DHE-RSA-AES256-GCM-SHA384
    679 ECDHE-RSA-AES128-GCM-SHA256
    340 ECDHE-ECDSA-AES256-GCM-SHA384
    216 AES256-SHA
    112 ECDHE-ECDSA-CHACHA20-POLY1305
     72 DHE-RSA-AES256-SHA256
     40 ECDHE-RSA-AES128-SHA256
     27 AES256-GCM-SHA384
     13 ECDHE-ECDSA-AES256-SHA
      5 AES128-GCM-SHA256

Looks like I probably wouldn't have noticed -aDSS or -DSS. For a bit anyway.