[exim-dev] [Bug 2872] Unable to select ONLY TLSv1.3 CHACHA2…

Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2872] New: Unable to select ONLY TLSv1.3 CHACHA20-POLY1305 cipher
Subject: [exim-dev] [Bug 2872] Unable to select ONLY TLSv1.3 CHACHA20-POLY1305 cipher
https://bugs.exim.org/show_bug.cgi?id=2872

--- Comment #4 from Jeremy Harris <jgh146exb@???> ---
OpenSSL has separate API calls for TLSv1.3 and pre-1.3 ciphersuites.
If you don't call either, you get a default set for that version of TLS.

I'd expect it, if a (set of) 1.3 ciphers was requested which did
not match those selected by a peer, to fall back to using a cipher from
the pre-1.3 set, on a 1.2 connection (assuming there was one). But it does
not; the server rejects the Client Hello with a "Handshake failed" alert.

This is less than useful; it means a server cannot restrict the 1.3 ciphers
it offers yet still offer both 1.3 and 1.2 service with a single configuration.

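Added example, not part of the original message and not Exim code: the comment's point about separate OpenSSL calls per TLS version (`SSL_CTX_set_ciphersuites` for TLSv1.3, `SSL_CTX_set_cipher_list` for earlier versions) can be observed from Python's `ssl` module, whose `set_ciphers()` drives only the pre-1.3 list. The cipher string `LEGACY_ONLY` and the helper names are constructed for this illustration, and the TLSv1.3 check assumes Python is linked against an OpenSSL build with TLSv1.3 support.

```python
import ssl

# Constructed sample: a single pre-1.3 cipher, as an admin might set it.
LEGACY_ONLY = "ECDHE-RSA-AES128-GCM-SHA256"


def suites_by_family(ctx):
    """Split the suites enabled on a context into TLSv1.3 and pre-1.3 names."""
    out = {"tls13": [], "legacy": []}
    for cipher in ctx.get_ciphers():
        family = "tls13" if cipher["protocol"] == "TLSv1.3" else "legacy"
        out[family].append(cipher["name"])
    return out


def audit(cipher_string):
    """Apply a pre-1.3 cipher string and report what is enabled before and after.

    No certificate is loaded; the context is only inspected, never used
    for a handshake.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before = suites_by_family(ctx)
    ctx.set_ciphers(cipher_string)  # only the pre-1.3 list is replaced
    after = suites_by_family(ctx)
    return before, after


def tls13_untouched(cipher_string):
    """True when restricting the pre-1.3 list left the TLSv1.3 set as it was."""
    before, after = audit(cipher_string)
    return before["tls13"] == after["tls13"]


if __name__ == "__main__":
    before, after = audit(LEGACY_ONLY)
    print("pre-1.3 suites before:", len(before["legacy"]))
    print("pre-1.3 suites after: ", after["legacy"])
    print("TLSv1.3 suites after: ", after["tls13"])
    print("TLSv1.3 set unchanged:", tls13_untouched(LEGACY_ONLY))
```

When auditing a configuration, check the two families separately: a tight pre-1.3 cipher string says nothing about which TLSv1.3 suites the same context still offers.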