It would be incredible useful to have a cipher suite alias to enable all TLS 1.3 ciphers at once. At the moment RSA+AESGC just happens to pull in TLS13-AES-128-GCM-SHA256 because the TLS 1.3 cipher suite is marked with RSA for key agreement and auth. On the other hand ECDHE+AESGCM does not enable the new TLS 1.3 cipher suite. Technically either one or the other way is wrong.
I propose a cipher string like TLSv1.3 or TLS13 to simply enable all supported TLS 1.3 suites at once. This would allow me to prepare Python for OpenSSL 1.1.1 now. https://bugs.python.org/issue29136#msg286032 @Lukasa has shown an interested for Python requests, too.
Example
SSL_CTX_set_cipher_list(ctx, "TLSv1.3:ECDHE+AESGCM:RSA+AESGCM");
Related to my proposal, would it be possible to agree on strings for AES-256 and ChaCha20 cipher suites, too? It would help with my mod_nss patch tiran/mod_nss@4aeaeb7#diff-23167ee242b9b7d381375618267ae6afR132 . How do you like TLS13-AES-256-GCM-SHA384 and TLS13-CHACHA20-POLY1305?
It would be incredible useful to have a cipher suite alias to enable all TLS 1.3 ciphers at once. At the moment
RSA+AESGCjust happens to pull inTLS13-AES-128-GCM-SHA256because the TLS 1.3 cipher suite is marked with RSA for key agreement and auth. On the other handECDHE+AESGCMdoes not enable the new TLS 1.3 cipher suite. Technically either one or the other way is wrong.I propose a cipher string like
TLSv1.3orTLS13to simply enable all supported TLS 1.3 suites at once. This would allow me to prepare Python for OpenSSL 1.1.1 now. https://bugs.python.org/issue29136#msg286032 @Lukasa has shown an interested for Python requests, too.Example
Related to my proposal, would it be possible to agree on strings for AES-256 and ChaCha20 cipher suites, too? It would help with my mod_nss patch tiran/mod_nss@4aeaeb7#diff-23167ee242b9b7d381375618267ae6afR132 . How do you like
TLS13-AES-256-GCM-SHA384andTLS13-CHACHA20-POLY1305?