0
votes

I'm having issues with an application that is getting an SSL handshake error. The developers believe it's because we have the wrong ciphers on our server. They are trying to use a cipher called TLS_RSA_WITH_AES_256_CBC_SHA. From what I've found, the openssl name for this cipher is AES256-SHA. When I list this cipher in openssl (I'm running openssl version 1.0.2k-fips) it's listed as an SSLv3 cipher:

0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

Why would this be listed as SSLv3 and not TLS?

1 Answer

1
votes

Because the ciphers command in OpenSSL shows you the minimum SSL/TLS version that a ciphersuite is compatible with. That particular ciphersuite is compatible with all SSL/TLS versions from SSLv3 up to TLSv1.2.
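
An added example, not part of the answer above: a small Python parser for `openssl ciphers -v` / `-V` output that treats the protocol column as a minimum and expands it into the versions a suite can be negotiated in. It goes beyond the one suite discussed by also handling TLSv1.2-only and TLSv1.3 suites; the function names and the sample lines other than the AES256-SHA line are constructed for illustration.

```python
import re

# Protocol order for suites defined before TLS 1.3; they stop at TLSv1.2.
PRE_TLS13 = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed sample in `openssl ciphers -V` layout (first line is the one
# quoted in the question; the other two are constructed for illustration).
SAMPLE = """\
0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
0x13,0x02 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
"""

# The "0xNN,0xNN - " prefix appears only with -V, so it is optional here.
LINE = re.compile(
    r"^\s*(?:(0x[0-9A-Fa-f]{2}),(0x[0-9A-Fa-f]{2})\s+-\s+)?(\S+)\s+(\S+)\s+(Kx=.*)$"
)

def parse_line(line):
    """Parse one `openssl ciphers -v` / `-V` line into a dict, or None."""
    m = LINE.match(line)
    if not m:
        return None
    hi, lo, name, proto, rest = m.groups()
    attrs = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    suite_id = (int(hi, 16), int(lo, 16)) if hi else None
    return {"id": suite_id, "name": name, "min_protocol": proto, **attrs}

def usable_versions(min_protocol):
    """Expand the protocol column (a minimum) into the versions it covers."""
    if min_protocol == "TLSv1.3":
        return ["TLSv1.3"]  # TLS 1.3 suites are not usable in earlier versions
    if min_protocol not in PRE_TLS13:
        raise ValueError(f"unrecognised protocol label: {min_protocol!r}")
    return PRE_TLS13[PRE_TLS13.index(min_protocol):]

def report(text):
    """Map each suite name to the protocol versions it can be negotiated in."""
    parsed = (parse_line(l) for l in text.splitlines())
    return {p["name"]: usable_versions(p["min_protocol"]) for p in parsed if p}

if __name__ == "__main__":
    for name, versions in report(SAMPLE).items():
        print(f"{name:30} {' '.join(versions)}")
```

Whether a listed version is actually negotiated still depends on which protocol versions both endpoints have enabled.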