module to control TLS handshake algorithms

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

module to control TLS handshake algorithms

raghu venkat
Is there any module through which i can control algorithms used in cipher suites during TLS handshake.

My requirement is like i want to configure my server in such a way that i can specify list of acceptable cipher suites and also the algorithms used in cipher suite. Specifying algorithms for individual aspects like key exchange, authentication, encryption, HKDF would also do.

For example consider ECDHE-ECDSA-AES256-GCM-SHA384 cipher suite.
1) for ECDHE specify the curves like secp256r1, secp384r1.
2) for ECDSA also specify the curves like secp256r1, secp384r1 and also  SHA digest used like SHA256, SHA384

similarly if RSA is used specify key length like 1024, 2048
and algorithms like RSASSA-PSS, RSASSA-PKCS-v1_5

With openssl configuration i can do some of the stuff but i don't want to use it as it effects other application.


nginx mailing list
[hidden email]