Hi. 2018-08-22 14:43 GMT+09:00 Reco <recovery...@gmail.com>: >> [question 1] >> 'openssl ciphers -v' output ciphers. include SSL protocol version. >> I have 'SSLv3' by 'openssl ciphers -v' >> but debian openssl package disable ssl3. by configure option. >> (see configure option in debian/rules file). >> >> my openssl doesn't support SSLv3. is it right? > > Debian's openssl does support ciphers that were associated with SSLv3, > but all these ciphers can be used for TLS too. > The support of SSLv3 protocol itself is disabled.
oh! I see. >> [question 2] >> What can I know which SSL version is supported by openssl? > > "openssl list -disabled" should show all disabled features, here they > include SSL3. The support for SSL2 was lost by openssl a long time ago. woops. openssl 1.0.2 doesn't have 'list' command (1.1.0 has 'list'). Instead, I can 'openssl ciphers' command. $ openssl ciphers -ssl3 Error in cipher list 140431216178832:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1294: $ openssl ciphers -tls1 ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA (snip) > So, which version of SSL does Debian's openssl support? No version at > all. > Which version of TLS does Debian's openssl support? 1.0, 1.1 and 1.2. I understand. thanks! -- miwarin
