Cipher Suites

     Good morning? How do I get all of these cipher suites to show as forward secrecy? Also, Ssl 3 and 2 seem to be missing?

Question one:  You don't.

https://en.wikipedia.org/wiki/Forward_secrecy#Protocols

I recommend you read the whole article, however, because if you actually understood what forward secrecy is and how it works you wouldn't have asked.

Question two:  SSL as a protocol has been obsolete for at least 10 probably closer to 15 years.  It's been removed from or disabled in most libraries at this point.

     Good morning, Mr. H_b_s? Anybody can alter a wikipedia page? I always change African-Americans who have their ethnicity as black back to African-American?

Question one:  You don't.

https://en.wikipedia.org/wiki/Forward_secrecy#Protocols

I recommend you read the whole article, however, because if you actually understood what forward secrecy is and how it works you wouldn't have asked.

Question two:  SSL as a protocol has been obsolete for at least 10 probably closer to 15 years.  It's been removed from or disabled in most libraries at this point.

How do I mark this post as resolved?

Edited by supertopsecret, 26 November 2023 - 11:51 AM.

Let me know if you need any further asssistance. Have a nice day.

 

To enable forward secrecy (FS) for all cipher suites and disable SSLv2 and SSLv3:

1. Locate the OpenSSL configuration file: locate openssl.cnf

2. Open the configuration file: sudo nano /etc/ssl/openssl.cnf

3. In the [cipher_suites] section, replace the existing list of cipher suites with:

[cipher_suites] TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

4. Save the changes and restart the OpenSSL service: sudo service ssl restart

5. Verify the changes: openssl ciphers -a

Let me know if you need any further asssistance. Have a nice day.

 

     Good morning. What application do I use to open it? I'm not seeing the cipher_suite section? Are you able to just attach me your copy for me to upload? Can we also get it as a Mobile certificate to install? Same as the one in the folder? Except one that allows all of them to activate? Also, for the new Macs, sudo service ssl restart doesn't work anymore? Some of the codes change such as with dns cache flushing. Somebody else mentioned that your code seems for Linux. Although the sudo nano string worked. Another commentator posted how that it's more for the browser developers to have to worry about that instead.

Edited by supertopsecret, 30 November 2023 - 07:42 PM.

If you insist on opening and editing the config file, you should be able to open it with any text editor, or the vi command line tool.

Most Linux command will work on Mac, as the Mac OS is based on BSD, which is part of the wider *nix family of operating systems. 

I'm wondering why you would want to change the defaults cipher suites.

If you insist on opening and editing the config file, you should be able to open it with any text editor, or the vi command line tool.

Most Linux command will work on Mac, as the Mac OS is based on BSD, which is part of the wider *nix family of operating systems. 

I'm wondering why you would want to change the defaults cipher suites.

     Good morning. The screenshots will show why I want to change the default cipher suites. It's to enable forward secrecy. I opened it via the text editor and using the terminal. There wasn't a cipher suite name to be able to do that?

No.  As Win11DataSavior pointed out, the cypher suites are configured in the openssl.cnf file.

I ask because it appears you are a bit unsure about how the cypher suites are configured and how forward secrecy works. On a Mac, you should just be able to go with the defaults, unless you are sure you know what you are doing.

     Good morning? How do I get all of these cipher suites to show as forward secrecy? Also, Ssl 3 and 2 seem to be missing?