On Thu, Mar 12, 2020 at 1:01 AM Kyle Hamilton wrote:
> ssl_prefer_server_ciphers on;
>
> On Wed, Mar 11, 2020, 11:58 Kaushal Shriyan
> wrote:
>
>>
>>
>> On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <
>> michael.woj...@microfocus.com> wrote:
>>
>>> To enforce the server's cipher order, use
ssl_prefer_server_ciphers on;
On Wed, Mar 11, 2020, 11:58 Kaushal Shriyan
wrote:
>
>
> On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <
> michael.woj...@microfocus.com> wrote:
>
>> To enforce the server's cipher order, use SSL_CTX_set_options(*ctx*,
>> SSL_CTX_get_options(*ctx*) |
(Please send messages to the list, not to me directly.)
In TLS, the client and server negotiate the cipher suite to use. The server
makes the final decision. It can pick the client's most-preferred suite from
among the ones they share, or it can pick the one it prefers. The current
consensus
On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> To enforce the server's cipher order, use SSL_CTX_set_options(*ctx*,
> SSL_CTX_get_options(*ctx*) | SSL_OP_CIPHER_SERVER_PREFERENCE).
>
> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
>
To enforce the server's cipher order, use SSL_CTX_set_options(ctx,
SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
Testing server preferences
Has server cipher order? no (NOT
On Tue, Mar 10, 2020 at 9:56 PM Kaushal Shriyan
wrote:
> Hi,
>
> I have run the below tests
>
> ./testssl.sh gsmasslciphers.digitalapicraft.com
>> ###
>> testssl.sh 3.1dev from https://testssl.sh/dev/
>> (e0c83b2 2020-02-24
Hi,
I have run the below tests
./testssl.sh gsmasslciphers.digitalapicraft.com
> ###
> testssl.sh 3.1dev from https://testssl.sh/dev/
> (e0c83b2 2020-02-24 14:21:28 -- )
> This program is free software. Distribution and