What Cipher Suites to use with OpenSSL 1.1.1 for TLSv1.3?
Asked by ComputerBas, 2022-01-25 20:42:13 +0800 CST
What cipher suites to use with OpenSSL 1.1.1 for TLSv1.3? I really want it to be AES56 or CHACHA20.
Tags: security iis ssl openssl apache-2.4
1 Answer
ComputerBas, 2022-01-25T20:42:13+08:00
Do this:
Cipher Suites:
For TLSv1.2:
Apache:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-RSA-AES256-SHA
IIS 10:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
For TLSv1.3:
nano /etc/openssl/openssl.conf
Add this line:
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
This is not compliant with RFC 8446 section 9.1 but better.
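
An added example (not part of the answer above and not OpenSSL's own code): a small Python audit that reads the Ciphersuites line and reports which of the suites named in RFC 8446 section 9.1 it leaves out, then separates the AEAD suites in the Apache TLS 1.2 list from the rest. The function names and the sample config text are constructed for illustration.

```python
import re

# RFC 8446 section 9.1: one suite MUST be implemented, two SHOULD be.
RFC8446_MUST = {"TLS_AES_128_GCM_SHA256"}
RFC8446_SHOULD = {"TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"}

def parse_ciphersuites(conf_text):
    """Return the suites from 'Ciphersuites =' lines (last one wins here)."""
    suites = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore '#' comments
        m = re.match(r"(?i)ciphersuites\s*=\s*(.+)$", line)
        if m:
            suites = [s.strip() for s in m.group(1).split(":") if s.strip()]
    return suites

def audit_tls13(suites):
    """Report which section 9.1 suites the configured list leaves out."""
    have = set(suites)
    return {
        "missing_must": sorted(RFC8446_MUST - have),
        "missing_should": sorted(RFC8446_SHOULD - have),
        "compliant": RFC8446_MUST <= have,
    }

def classify_tls12(openssl_names):
    """Split OpenSSL-style TLS 1.2 names into AEAD and non-AEAD suites."""
    result = {"aead": [], "non_aead": []}
    for name in openssl_names:
        aead = "GCM" in name or "CCM" in name or "CHACHA20" in name
        result["aead" if aead else "non_aead"].append(name)
    return result

# Constructed sample: the answer's line inside a minimal config file.
SAMPLE_CONF = """
# system-wide TLS defaults (constructed sample)
[system_default_sect]
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
"""
# The answer's Apache TLS 1.2 list. Its non-AEAD entries are the CBC
# suites, as the matching IIS names (..._CBC_SHA384, ..._CBC_SHA) show.
APACHE_TLS12 = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384",
                "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES256-SHA"]

if __name__ == "__main__":
    print(audit_tls13(parse_ciphersuites(SAMPLE_CONF)))
    print(classify_tls12(APACHE_TLS12))
```

The missing_must entry is the suite the answer's closing remark refers to: a client that offers only TLS_AES_128_GCM_SHA256 for TLS 1.3 has no suite in common with this list.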