On 4/21/2021 3:56 PM, @lbutlr wrote:
> On 20 Apr 2021, at 13:20, Jim Albert <j...@netrition.com> wrote:
>> On 4/20/2021 2:56 PM, @lbutlr wrote:
>>> Right, and I am running the current version of OpenSSL which, for example,
>>> doesn't support SSLv3 or TLSv1.1.
>> I'd be surprised if that were true.
>> If you run 'openssl ciphers -v ALL' you see no SSLv3 ciphers?
> TLSv1 is not a cipher, the cipher suites are different than the protocols,
> right?
> I'm pretty sure you cannot make a TLSv1 or TLSv1.1 connection to an OpenSSL
> 1.1.1k versions of OpenSSL.

Speaking very generally and rudimentary, cipher suites define a set of
algorithms to secure network communications and include things like key
exchange, authentication and encryption. They'll include various
encryption and hash algorithms such as AES, RSA, MD5, SHA# and lots more.
SSL and TLS are protocols that define how sets of cipher suites are to
be used. In order to achieve a certain level of security the various
protocols require a certain level of cipher suite.
So, in order to achieve a certain level of security you need to define
above what level of SSL/TLS you will support (currently that is generally
TLSv1.1 and above) and then your cipher suite based on those required
for your supported SSL/TLS protocol version minus any that have known
significant vulnerabilities.
Jim
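
An added example, not part of the original message or of OpenSSL: the protocol column printed by `openssl ciphers -v` is the minimum protocol version a suite supports, so a suite labelled SSLv3 stays listed and usable when only TLSv1.2 is enabled. The sample lines are constructed in that output's layout, and `parse_ciphers` and `negotiable` are hypothetical helper names.

```python
# Constructed sample in the column layout printed by `openssl ciphers -v`
# (suite name, minimum protocol version, Kx, Au, Enc, Mac).
SAMPLE = """\
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA           TLSv1   Kx=ECDH Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA                     SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
"""

# Protocol versions from oldest to newest, as labelled in the output.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse_ciphers(text):
    """Return one dict per suite line: name, min_proto, kx, au, enc, mac."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or truncated lines
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        suites.append({"name": fields[0], "min_proto": fields[1],
                       "kx": attrs.get("Kx"), "au": attrs.get("Au"),
                       "enc": attrs.get("Enc"), "mac": attrs.get("Mac")})
    return suites

def negotiable(suites, enabled_protocols):
    """Map each enabled protocol version to the suite names usable with it."""
    result = {}
    for proto in enabled_protocols:
        names = []
        for s in suites:
            if s["min_proto"] not in ORDER:
                continue  # unknown label: leave it out rather than guess
            # TLSv1.3 suites are a separate set: they work only with TLSv1.3,
            # and the older suites do not work with TLSv1.3.
            if (proto == "TLSv1.3") != (s["min_proto"] == "TLSv1.3"):
                continue
            if ORDER.index(s["min_proto"]) <= ORDER.index(proto):
                names.append(s["name"])
        result[proto] = names
    return result

if __name__ == "__main__":
    enabled = ["TLSv1.2", "TLSv1.3"]  # protocol floor set separately from the cipher list
    for proto, names in negotiable(parse_ciphers(SAMPLE), enabled).items():
        print(proto, names)
```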