OpenSSL not honouring cipher selection?

Started by Headless1919, August 25, 2022, 02:34:09 PM

@Fright, I went to look into config.xml but it reflects exactly what the GUI shows, so I am not convinced it will function as an override. Will bear it in mind though, thanks!

@i81b4u, RSA does not offer Perfect Forward Secrecy so I prefer to remove it, but that will work - thanks.

@RZR, I think you got things mixed up.

Not talking TLSv1.3 specifics right now, but ...

With RSA-certificates you can achieve PFS. PFS only depends on the key exchange method.

With RSA key exchange a symmetric key is exchanged "over the line" so when someone obtains the private key, traffic can be decrypted when listening in on (or replaying recorded) traffic. When using Diffie-Hellman a symmetric key is "calculated" and never sent "over the line", so it can't be found by listening in on (or replaying recorded) traffic.

Hope that makes sense?  ;)
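The distinction above (forward secrecy follows the key exchange, not the certificate type) can be checked mechanically over a cipher list. The helper below is an added example written for this thread, not code from OpenSSL or OPNsense; it classifies RSA and (EC)DH(E) suites given as IANA names (`TLS_ECDHE_RSA_WITH_...`) or OpenSSL names (`ECDHE-RSA-AES128-GCM-SHA256`, `AES128-GCM-SHA256`), and also flags static (EC)DH suites, which do not give forward secrecy either. PSK, SRP and anonymous suites are outside its scope, and the sample list is constructed.

```python
import re

# Key exchange methods where the session key is derived from ephemeral
# values and never sent on the wire, so a later private-key compromise
# does not expose recorded traffic (forward secrecy).
EPHEMERAL_KEX = {"ECDHE", "DHE", "TLS1.3"}

# OpenSSL-style name prefixes mapped to a canonical key exchange name.
OPENSSL_KEX_PREFIX = {
    "ECDHE": "ECDHE", "DHE": "DHE", "EDH": "DHE",   # ephemeral (PFS)
    "ECDH": "ECDH", "DH": "DH",                     # static, no PFS
}


def key_exchange(suite):
    """Return the key exchange method of a suite name: ECDHE, DHE, RSA, ..."""
    name = suite.strip().upper()
    # TLS 1.3 suite names carry no kex token; the protocol always uses (EC)DHE.
    if re.match(r"^TLS_(AES_|CHACHA20_)", name):
        return "TLS1.3"
    if name.startswith("TLS_"):
        # IANA form: TLS_<kex>[_<auth>]_WITH_<cipher>_<mac>.
        # In TLS_ECDHE_RSA_WITH_..., "RSA" is the authentication, not the kex.
        return name[4:].split("_WITH_", 1)[0].split("_", 1)[0]
    # OpenSSL form: optional <kex>[-<auth>]- prefix; no prefix at all means
    # RSA key exchange (e.g. AES128-GCM-SHA256, AES256-SHA).
    return OPENSSL_KEX_PREFIX.get(name.split("-", 1)[0], "RSA")


def has_forward_secrecy(suite):
    return key_exchange(suite) in EPHEMERAL_KEX


def suites_without_pfs(suites):
    """Suites whose past sessions become decryptable if the server key leaks."""
    return [s for s in suites if not has_forward_secrecy(s)]


# Constructed sample list mixing IANA and OpenSSL names.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "DHE-RSA-AES256-GCM-SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "AES256-SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for s in SAMPLE_SUITES:
        print(f"{s:42} kex={key_exchange(s):6} pfs={has_forward_secrecy(s)}")
```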

September 02, 2022, 05:24:10 PM #32 Last Edit: September 02, 2022, 05:30:45 PM by Fright
@RZR
> reflects exactly what the GUI shows, so I am not convinced it will function as an override.

I checked )
but the mentioned fixes were not included in 22.7.3, so they must be 'opnsense-patch'-ed manually

@i81b4u - you're right, I am using the term "RSA" too broadly (interchangeably), was referring specifically to KEX. Thanks ;)

@Fright, thanks - I should have clicked. Will check after the next patch/update to see what is there. Appreciated!

September 02, 2022, 08:35:45 PM #34 Last Edit: September 05, 2022, 10:24:47 PM by rickyrickk31
I agree OpenSSL is conforming to the RFC, seen that snippet before. If that is the cause, LibreSSL clearly does not comply when making changes.