http://bugzilla.opensuse.org/show_bug.cgi?id=1135550
http://bugzilla.opensuse.org/show_bug.cgi?id=1135550#c25
--- Comment #25 from Илья Индиго ---
Faced the weird behavior of chipper for TLS1.3.
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
openssl ciphers -s -v ECDHE | grep TLSv1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
but
openssl ciphers TLS_CHACHA20_POLY1305_SHA256
or
openssl ciphers TLS_AES_256_GCM_SHA384
Error in cipher list
140013550158336:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match:ssl/ssl_lib.c:2549:
In Apache
SSLCipherSuite TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
Unable to configure permitted SSL ciphers
SSL Library Error: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match
Fatal error initialising mod_ssl, exiting.
Is this something I don’t understand, or is it an openssl bug?
I want the TLS1.3 chippers to be installed only the necessary and in the wrong
order.
How to do it?
If this is a bug, I will create a separate report.
--
You are receiving this mail because:
You are on the CC list for the bug.