@wlonkly
Created April 14, 2020 01:36
Fun with TLS

IO::Socket::SSL defaults:

    SSL_cipher_list => join(" ",
        qw(
            ECDHE-ECDSA-AES128-GCM-SHA256
            ECDHE-ECDSA-AES128-SHA256
            ECDHE-ECDSA-AES256-GCM-SHA384
            ECDHE-ECDSA-AES256-SHA384
            ECDHE-ECDSA-AES128-SHA
            ECDHE-ECDSA-AES256-SHA
            ECDHE-RSA-AES128-SHA256
            ECDHE-RSA-AES128-SHA
            ECDHE-RSA-AES256-SHA
            DHE-DSS-AES128-SHA256
            DHE-DSS-AES128-SHA
            DHE-DSS-AES256-SHA256
            DHE-DSS-AES256-SHA
            AES128-SHA256
            AES128-SHA
            AES256-SHA256
            AES256-SHA
            EDH-DSS-DES-CBC3-SHA
            DES-CBC3-SHA
            RC4-SHA
        ),
        # just to make sure, that we don't accidentally add bad ciphers above
        "!EXP !LOW !eNULL !aNULL !DES !MD5 !PSK !SRP"
    )
);

Minnow:

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS	128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS	128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS	256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp256r1 (eq. 3072 bits RSA)   FS