pre-srfi / tls-client

Make binary ports that talk to TLS/SSL servers

Cipher list and TLS versions #1

Open lassik opened 3 years ago

lassik commented 3 years ago

$ openssl list-cipher-algorithms

https://curl.haxx.se/docs/ssl-ciphers.html

johnwcowan commented 3 years ago

Anything older than TLS 1.2 is insecure and deprecated. (TLS 1.1 is not insecure in itself, but it will cheerfully and without notice fall back to SSL 2.0, which is insecure.)

lassik commented 3 years ago

Is any protocol that goes by the name "SSL" still relevant?

johnwcowan commented 3 years ago

Definitely not.

lassik commented 3 years ago

Once a connection has been established, we should have a procedure to ask which ciphers and TLS version were selected for it (out of the set of all acceptable ones).
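
The procedure proposed in the last comment, sketched with Python's standard `ssl` module because this page does not define the pre-SRFI's Scheme API; it is an added example, not part of the thread or the project's code. All function names are hypothetical, the TLS 1.2 floor follows the thread, and `connect_and_report` takes a caller-supplied host and is the only part that touches the network.

```python
import socket
import ssl

# Versions the thread treats as acceptable, as named by SSLSocket.version().
ACCEPTABLE_VERSIONS = ("TLSv1.2", "TLSv1.3")


def make_client_context():
    """Client context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def offered_ciphers(ctx):
    """The acceptable set: (suite name, protocol) pairs the context may offer."""
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def negotiated(conn):
    """(version, cipher suite, secret bits) chosen for conn, or None if the
    handshake has not completed. Works on SSLSocket and SSLObject."""
    version, cipher = conn.version(), conn.cipher()
    if version is None or cipher is None:
        return None
    name, _protocol, bits = cipher
    return version, name, bits


def acceptable(version):
    """True if the negotiated version string meets the TLS 1.2 floor."""
    return version in ACCEPTABLE_VERSIONS


def connect_and_report(host, port=443):
    """Handshake with host (caller-supplied), then report what was selected."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            info = negotiated(tls)
            if info is None or not acceptable(info[0]):
                raise ssl.SSLError(f"unacceptable TLS parameters: {info!r}")
            return info
```

Checking the result after the handshake as well as setting the floor beforehand gives a value that can be logged or asserted per connection, which is what makes a silent downgrade visible.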