TLS1.3 ciphersuites configuration way Support
sca at andreasschulze.de
Fri Sep 28 16:51:23 UTC 2018
Am 28.09.18 um 10:56 schrieb Alex Zhang:
> It seems that OpenSSL has changed the way TLSv1.3 cipher suites are configured.
> According to the document https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html, the function SSL_CTX_set_cipher_list isn’t suitable for TLSv1.3, instead,
> SSL_CTX_set_ciphersuits should be used. While Nginx’s now still use SSL_CTX_set_cipher_list
> to configure the SSL/TLS ciphers, which leads to the default cipher suits are used all the time.
as far as I understand TLS1.3, there was a major redesign regarding cipher suites.
It's no longer possible to combine key exchange, hash and cipher in so many ways.
There are only 5 fixed cipher suites available (1) so the need to change them is significant lower.
More information about the nginx