On Wed, Nov 22, 2023 at 10:30 PM John <john.ili...@iliffe.ca> wrote: > > Thanks for the reply Aditya. > > The version of openssl is: openssl-3.0.7-6.el9_2.x86_64 > > the version of mod_ssl is: mod_ssl-2.4.53-11.el9_2.5.x86_64 > > The result of openssl ciphers -s -v tlsv1_3 is: > TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) > Mac=AEAD > TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any > Enc=CHACHA20/POLY1305(256) Mac=AEAD > TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) > Mac=AEAD > TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) > Mac=AEAD > > This looks like an awful short list to me (what about all the RSA'a or > elliptic curve for example) > BUT what I have seen in many places is that TLS v 1.3 is the only secure > cipher protocol for an > e-commerce server.
In TLS 1.3 the key exchange and authentication algorithms are negotiated separately/outside of the cipher. So there are far fewer permutations. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
