Web lists-archives.com

Re: Openssl ciphers is not means SSL supported?




Hi.

2018-08-22 14:43 GMT+09:00 Reco <recoverym4n@xxxxxxxxx>:
>> [question 1]
>> 'openssl ciphers -v' output ciphers. include SSL protocol version.
>> I have 'SSLv3' by 'openssl ciphers -v'
>> but debian openssl package disable ssl3. by configure option.
>> (see configure option in debian/rules file).
>>
>> my openssl doesn't support SSLv3. is it right?
>
> Debian's openssl does support ciphers that were associated with SSLv3,
> but all these ciphers can be used for TLS too.
> The support of SSLv3 protocol itself is disabled.

oh! I see.


>> [question 2]
>> What can I know which SSL version is supported by openssl?
>
> "openssl list -disabled" should show all disabled features, here they
> include SSL3. The support for SSL2 was lost by openssl a long time ago.

woops. openssl 1.0.2 doesn't have 'list' command (1.1.0 has 'list').
Instead, I can 'openssl ciphers' command.

$ openssl ciphers -ssl3
Error in cipher list
140431216178832:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match:ssl_lib.c:1294:

$ openssl ciphers -tls1
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA (snip)


> So, which version of SSL does Debian's openssl support? No version at
> all.
> Which version of TLS does Debian's openssl support? 1.0, 1.1 and 1.2.

I understand.
thanks!

-- 
miwarin