Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
- For the OpenSSL command line applications there is a new "
ciphersuites" option to configure the TLSv1.3 ciphersuite list. This is just a simple colon (":") separated list of TLSv1.3 ciphersuite names in preference order. Note that you cannot use the special characters such as "+", "!", "" etc, that you can for defining TLSv1.2 ciphersuites. In practice this is not likely to be a problem because there are only a very small number of TLSv1.3 ciphersuites.
enabled-ciphersuites-tls13="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"/>
2. enabled-ciphersuites -->should contain ciphers suites for tls v1.2
3. enabled-ciphersuites-tls13-->should contain ciphers for tlsv1.3
For example:-
{{ <!-- Configures Data Grid Server to use specific TLS versions and cipher suites. -->
<engine enabled-protocols="TLSv1.3 TLSv1.2"
enabled-ciphersuites="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
enabled-ciphersuites-tls13="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"/>
</ssl>
</server-identities>}}
{{}}
Redhat-documentation:-
KCS:-https://access.redhat.com/solutions/7016961
{{}}
{{}}
Attachments
Issue Links
- clones
-
-
- Verified
-
