[openssl-users] Query on TLS1.2 and use of DES ciphers

2015-06-28 Thread Srinivas 
Hello all,
I am using TLS1.2 version between the standard openssl s_server and client and 
cipher set to DES-CBC-SHA. The connections from the client to the server goes 
through sucessfully. Referring the TLS1.2 RFC @ 
https://www.ietf.org/rfc/rfc5246.txt, 
I see the below quote there.

Removed IDEA and DES cipher suites.  They are now deprecated and
  will be documented in a separate document.I am assuming that means all 
DES (including 3-DES) ciphers should be removed from TLS1.2. 
Also the above cipher is not in the list of 
https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites. 

My question is given the above, how are my s_server and s_client able to 
connect through using the above cipher and TLS1.2? Is it a bug in the 
implementation of the s_server and s_client?

Thanks.
 truly,
Srinivas.___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Query on TLS1.2 and use of DES ciphers

2015-06-28 Thread Salz, Rich 
Deprecated means discouraged, not disallowed.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Query on TLS1.2 and use of DES ciphers

2015-06-28 Thread Srinivas 
Thanks. Makes sense.

But then why are the DES ciphers not listed in the supported cipher list for 
TLSv1.2 
here?https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites
 truly,
Srinivas. 


 On Sunday, 28 June 2015 11:33 PM, Salz, Rich rs...@akamai.com wrote:
   

 #yiv7205281614 #yiv7205281614 -- _filtered #yiv7205281614 
{font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv7205281614 
{font-family:Consolas;panose-1:2 11 6 9 2 2 4 3 2 4;}#yiv7205281614 
#yiv7205281614 p.yiv7205281614MsoNormal, #yiv7205281614 
li.yiv7205281614MsoNormal, #yiv7205281614 div.yiv7205281614MsoNormal 
{margin:0in;margin-bottom:.0001pt;font-size:12.0pt;}#yiv7205281614 a:link, 
#yiv7205281614 span.yiv7205281614MsoHyperlink 
{color:blue;text-decoration:underline;}#yiv7205281614 a:visited, #yiv7205281614 
span.yiv7205281614MsoHyperlinkFollowed 
{color:purple;text-decoration:underline;}#yiv7205281614 code {}#yiv7205281614 
pre {margin:0in;margin-bottom:.0001pt;font-size:10.0pt;}#yiv7205281614 
span.yiv7205281614HTMLPreformattedChar {font-family:Consolas;}#yiv7205281614 
span.yiv7205281614EmailStyle20 {color:#1F497D;}#yiv7205281614 
.yiv7205281614MsoChpDefault {font-size:10.0pt;} _filtered #yiv7205281614 
{margin:1.0in 1.0in 1.0in 1.0in;}#yiv7205281614 div.yiv7205281614WordSection1 
{}#yiv7205281614 Deprecated means discouraged, not disallowed.

  ___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users