lua-openssl

tls 1.3 set ciphersuites

Open Timothy- opened this issue 5 years ago • 0 comments

os: ubuntu 18.04
openssl: 1.1.1

openssl ciphers -s -tls1_3
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Problem details

openssl.ssl.ctx_new('TLS', 'TLS_AES_128_GCM_SHA256')
bad argument #2 to '?' (Error to set cipher list)

If you try to set a cipher with only TLS1.3 ciphersuites, this function fails. TLS1.3 ciphersuites must be set using SSL_CTX_set_ciphersuites.

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html

Note that in luvit/tls the tls 1.3 ciphersuites are silently ignored by openssl.

https://github.com/luvit/luvit/blob/master/deps/tls/common.lua#L46

openssl.ssl.ctx_new('TLS', 'TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-SHA256')
openssl.ssl_ctx: 0x415c2730

Expected result

Probably an extra argument with the ciphersuites. Not sure if the current implementation of setting default ciphers if no argument is given is the best option. I would like to be able to set no ciphers, and only ciphersuites if possible.

Timothy- May 11 '20 17:05
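The behaviour reported above can be audited from any OpenSSL binding that exposes the enabled cipher list. The following is an added example, not code from the issue or from lua-openssl: it uses Python's `ssl` module, whose `SSLContext.set_ciphers` wraps the same `SSL_CTX_set_cipher_list` call, and it assumes Python is linked against OpenSSL 1.1.1 or later. The helper names `enabled_suites` and `audit` are hypothetical.

```python
import ssl


def enabled_suites(cipher_string):
    """Return (tls13_names, older_names) really enabled after set_ciphers()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # wraps SSL_CTX_set_cipher_list
    tls13, older = [], []
    for suite in ctx.get_ciphers():
        bucket = tls13 if suite["protocol"] == "TLSv1.3" else older
        bucket.append(suite["name"])
    return tls13, older


def audit(cipher_string):
    """Compare what a cipher string asked for with what the context enables."""
    requested = cipher_string.split(":")
    try:
        tls13, older = enabled_suites(cipher_string)
    except ssl.SSLError as exc:
        # A string that names only TLS 1.3 suites matches no pre-1.3 cipher,
        # so SSL_CTX_set_cipher_list fails, as in the first call in the issue.
        return {"accepted": False, "error": str(exc)}
    return {
        "accepted": True,
        "older": older,
        "tls13": tls13,
        # TLS 1.3 suites left enabled although the string never named them:
        # the cipher list has no control over the TLS 1.3 set.
        "tls13_not_requested": [n for n in tls13 if n not in requested],
    }


if __name__ == "__main__":
    # Constructed inputs mirroring the two calls shown in the issue.
    for s in ("TLS_AES_128_GCM_SHA256",
              "TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-SHA256"):
        print(s, "->", audit(s))
```

A non-empty `tls13_not_requested` on an accepted string means the TLS 1.3 name in the cipher list restricted nothing, so a configuration review should check the enabled list rather than the configured string.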