module to control TLS handshake algorithms
raghu venkat
raghuvenkat111 at gmail.com
Tue Jul 7 13:02:55 UTC 2020
HI
Is there any module through which i can control algorithms used in cipher
suites during TLS handshake.
My requirement is like i want to configure my server in such a way that i
can specify list of acceptable cipher suites and also the algorithms used
in cipher suite. Specifying algorithms for individual aspects like key
exchange, authentication, encryption, HKDF would also do.
For example consider ECDHE-ECDSA-AES256-GCM-SHA384 cipher suite.
1) for ECDHE specify the curves like secp256r1, secp384r1.
2) for ECDSA also specify the curves like secp256r1, secp384r1 and also
SHA digest used like SHA256, SHA384
similarly if RSA is used specify key length like 1024, 2048
and algorithms like RSASSA-PSS, RSASSA-PKCS-v1_5
With openssl configuration i can do some of the stuff but i don't want to
use it as it effects other application.
Regards
Raghu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200707/aa2588bd/attachment.htm>
More information about the nginx
mailing list