[openssl-users] The default cipher of executable 'openssl'
Aaron
wangqun at alumni.nus.edu.sg
Wed Jun 10 07:47:05 UTC 2015
Hello,
We are using executable 'apps/openssl' in our test cases. We upgraded from
OpenSSL 1.0.1l to OpenSSL 1.0.2a recently. Since then one of our test cases
started to fail. After checking, I noticed that the default cipher of
'openssl' was changed from ECDHE-RSA-AES256-SHA to DHE-RSA-AES256-SHA in
OpenSSL 1.0.2. The related description in OpenSSL 1.0.2 change log is as
follows.
474 *) Support for automatic EC temporary key parameter selection. If
enabled
475 the most preferred EC parameters are automatically used instead of
476 hardcoded fixed parameters. Now a server just has to call:
477 SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
478 support ECDH and use the most appropriate parameters.
479 [Steve Henson]
My question is how to enable automatic EC temporary key parameter selection?
Is it possible to change the default cipher back to ECDHE-RSA-AES256-SHA?
Thanks,
Aaron
--
View this message in context: http://openssl.6102.n7.nabble.com/The-default-cipher-of-executable-openssl-tp58557.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
More information about the openssl-users
mailing list