subject:"Openssl ciphers is not means SSL supported\?"

Re: Openssl ciphers is not means SSL supported?

2018-08-22 Thread Miwa Susumu

Hi.

2018-08-22 14:43 GMT+09:00 Reco :
>> [question 1]
>> 'openssl ciphers -v' output ciphers. include SSL protocol version.
>> I have 'SSLv3' by 'openssl ciphers -v'
>> but debian openssl package disable ssl3. by configure option.
>> (see configure option in debian/rules file).
>>
>> my openssl doesn't support SSLv3. is it right?
>
> Debian's openssl does support ciphers that were associated with SSLv3,
> but all these ciphers can be used for TLS too.
> The support of SSLv3 protocol itself is disabled.

oh! I see.


>> [question 2]
>> What can I know which SSL version is supported by openssl?
>
> "openssl list -disabled" should show all disabled features, here they
> include SSL3. The support for SSL2 was lost by openssl a long time ago.

woops. openssl 1.0.2 doesn't have 'list' command (1.1.0 has 'list').
Instead, I can 'openssl ciphers' command.

$ openssl ciphers -ssl3
Error in cipher list
140431216178832:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match:ssl_lib.c:1294:

$ openssl ciphers -tls1
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA (snip)


> So, which version of SSL does Debian's openssl support? No version at
> all.
> Which version of TLS does Debian's openssl support? 1.0, 1.1 and 1.2.

I understand.
thanks!

-- 
miwarin

Re: Openssl ciphers is not means SSL supported?

2018-08-21 Thread Reco

Hi.

On Wed, Aug 22, 2018 at 02:01:23PM +0900, Miwa Susumu wrote:
> Hi all.
> 
> [question 1]
> 'openssl ciphers -v' output ciphers. include SSL protocol version.
> I have 'SSLv3' by 'openssl ciphers -v'
> but debian openssl package disable ssl3. by configure option.
> (see configure option in debian/rules file).
> 
> my openssl doesn't support SSLv3. is it right?

Debian's openssl does support ciphers that were associated with SSLv3,
but all these ciphers can be used for TLS too.
The support of SSLv3 protocol itself is disabled.

> [question 2]
> What can I know which SSL version is supported by openssl?

"openssl list -disabled" should show all disabled features, here they
include SSL3. The support for SSL2 was lost by openssl a long time ago.

So, which version of SSL does Debian's openssl support? No version at
all.
Which version of TLS does Debian's openssl support? 1.0, 1.1 and 1.2.

Reco

Openssl ciphers is not means SSL supported?

2018-08-21 Thread Miwa Susumu

Hi all.

[question 1]
'openssl ciphers -v' output ciphers. include SSL protocol version.
I have 'SSLv3' by 'openssl ciphers -v'
but debian openssl package disable ssl3. by configure option.
(see configure option in debian/rules file).

my openssl doesn't support SSLv3. is it right?

[question 2]
What can I know which SSL version is supported by openssl?


[detail]

$ uname -a
Linux miwa-debian8 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1
(2018-05-08) x86_64 GNU/Linux

$ cat /etc/debian_version
8.10

$ openssl version
OpenSSL 1.0.1t  3 May 2016

$ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHASSLv3 Kx=ECDH Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP  Au=DSS  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP  Au=RSA  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP  Au=SRP  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH   Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH   Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA  SSLv3 Kx=DH   Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH   Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH   Au=DSS  Enc=Camellia(256) Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
AES256-GCM-SHA384   TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA  Au=RSA  Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA  SSLv3 Kx=PSK  Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHASSLv3 Kx=ECDH Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP  Au=DSS  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP  Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP  Au=SRP  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH   Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH   Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA  SSLv3 Kx=DH   Au=DSS  Enc=AES(128)  Mac=SHA1
DHE-RSA-SEED-SHASSLv3 Kx=DH   Au=RSA  Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHASSLv3 Kx=DH   Au=DSS  Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH   Au=RSA  Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH   Au=DSS  Enc=Camellia(128) Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
AES128-GCM-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1
SEED-SHASSLv3 Kx=RSA  Au=RSA  Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA  Au=RSA  Enc=Camellia(1

Re: Openssl ciphers is not means SSL supported?

Re: Openssl ciphers is not means SSL supported?

Openssl ciphers is not means SSL supported?

3 matches

Site Navigation

Mail list logo

Footer information