Posted 26 November 2023 - 03:50 AM
Good morning? How do I get all of these cipher suites to show as forward secrecy? Also, Ssl 3 and 2 seem to be missing?
Screenshot 2023-11-26 at 3.50.05 AM.png 95.01KB
0 downloads
Screenshot 2023-11-26 at 3.50.14 AM.png 14.71KB
0 downloads
Posted 26 November 2023 - 04:27 AM
Question one: You don't.
https://en.wikipedia.org/wiki/Forward_secrecy#Protocols
I recommend you read the whole article, however, because if you actually understood what forward secrecy is and how it works you wouldn't have asked.
Question two: SSL as a protocol has been obsolete for at least 10 probably closer to 15 years. It's been removed from or disabled in most libraries at this point.
Posted 26 November 2023 - 11:49 AM
Good morning, Mr. H_b_s? Anybody can alter a wikipedia page? I always change African-Americans who have their ethnicity as black back to African-American?
Question one: You don't.
https://en.wikipedia.org/wiki/Forward_secrecy#Protocols
I recommend you read the whole article, however, because if you actually understood what forward secrecy is and how it works you wouldn't have asked.
Question two: SSL as a protocol has been obsolete for at least 10 probably closer to 15 years. It's been removed from or disabled in most libraries at this point.
How do I mark this post as resolved?
Edited by supertopsecret, 26 November 2023 - 11:51 AM.
Posted 30 November 2023 - 06:58 AM
To enable forward secrecy (FS) for all cipher suites and disable SSLv2 and SSLv3:
Locate the OpenSSL configuration file: locate openssl.cnf
Open the configuration file: sudo nano /etc/ssl/openssl.cnf
In the [cipher_suites] section, replace the existing list of cipher suites with:
Save the changes and restart the OpenSSL service: sudo service ssl restart
Verify the changes: openssl ciphers -a
Let me know if you need any further asssistance. Have a nice day.
Posted 30 November 2023 - 09:01 AM
To enable forward secrecy (FS) for all cipher suites and disable SSLv2 and SSLv3:
Locate the OpenSSL configuration file: locate openssl.cnf
Open the configuration file: sudo nano /etc/ssl/openssl.cnf
In the [cipher_suites] section, replace the existing list of cipher suites with:
[cipher_suites] TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Save the changes and restart the OpenSSL service: sudo service ssl restart
Verify the changes: openssl ciphers -a
Let me know if you need any further asssistance. Have a nice day.
Good morning. What application do I use to open it? I'm not seeing the cipher_suite section? Are you able to just attach me your copy for me to upload? Can we also get it as a Mobile certificate to install? Same as the one in the folder? Except one that allows all of them to activate? Also, for the new Macs, sudo service ssl restart doesn't work anymore? Some of the codes change such as with dns cache flushing. Somebody else mentioned that your code seems for Linux. Although the sudo nano string worked. Another commentator posted how that it's more for the browser developers to have to worry about that instead.
Screenshot 2023-11-30 at 9.09.33 AM.png 35.25KB
0 downloads
Edited by supertopsecret, 30 November 2023 - 07:42 PM.
Posted 02 December 2023 - 03:42 PM
If you insist on opening and editing the config file, you should be able to open it with any text editor, or the vi command line tool.
Most Linux command will work on Mac, as the Mac OS is based on BSD, which is part of the wider *nix family of operating systems.
I'm wondering why you would want to change the defaults cipher suites.
Posted 03 December 2023 - 03:22 AM
If you insist on opening and editing the config file, you should be able to open it with any text editor, or the vi command line tool.
Most Linux command will work on Mac, as the Mac OS is based on BSD, which is part of the wider *nix family of operating systems.
I'm wondering why you would want to change the defaults cipher suites.
Good morning. The screenshots will show why I want to change the default cipher suites. It's to enable forward secrecy. I opened it via the text editor and using the terminal. There wasn't a cipher suite name to be able to do that?
Posted 03 December 2023 - 10:59 AM
No. As Win11DataSavior pointed out, the cypher suites are configured in the openssl.cnf file.
I ask because it appears you are a bit unsure about how the cypher suites are configured and how forward secrecy works. On a Mac, you should just be able to go with the defaults, unless you are sure you know what you are doing.
Bleepin Madman
Posted 09 December 2023 - 06:07 PM
Good morning? How do I get all of these cipher suites to show as forward secrecy? Also, Ssl 3 and 2 seem to be missing?
US Navy Veteran from 2002 to 2006
Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015
Arch Desktop - https://termbin.com/epij
Arch Laptop - https://www.termbin.com/dnwk
Ubuntu Server - https://termbin.com/zvra
0 members, 1 guests, 0 anonymous users
Back to top
