On Mon, May 31, 2021 at 11:08:22PM +0300, Evgeniy Berdnikov via Exim-users wrote:
> > SSL-Session:
> > Protocol : TLSv1.2
> > Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
> > Session-ID: ...
> > Session-ID-ctx:
> > Master-Key: ...
> > Key-Arg : None
> > PSK identity: None
> > PSK identity hint: None
> > SRP username: None
> > Start Time: 1622470949
> > Timeout : 7200 (sec)
> > Verify return code: 0 (ok)
> >
> >
> > But - I tried to specify the curve and it failed
> >
> > openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher
> > ECDHE-ECDSA-AES256-GCM-SHA384 -curves prime256v1
This cipher requires the server to have an ECDSA certificate,
you've probably only configured an RSA certificate. The
support SHA384 ciphers in OpenSSL 1.1.1 are:
$ OpenSSL_1_1_1/bin/openssl ciphers -s -tls1_2 -v ALL+SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
> It looks like recent libssl considers ECDHE-ECDSA-AES256-GCM-SHA384
> as TLSv1.3-only cipher. And post-handshake message mentions it
> in some other manner:
That's not the case.
--
Viktor.
