[openssl-users] The default cipher of executable 'openssl'

Dave Thompson dthompson at prinpay.com
Thu Jun 11 10:03:39 UTC 2015 

> From: openssl-users On Behalf Of Aaron
> Sent: Wednesday, June 10, 2015 03:47

> We are using executable 'apps/openssl' in our test cases. We upgraded from
> OpenSSL 1.0.1l to OpenSSL 1.0.2a recently. Since then one of our test
cases
> started to fail. After checking, I noticed that the default cipher of
> 'openssl' was changed from ECDHE-RSA-AES256-SHA to DHE-RSA-AES256-SHA

'openssl' doesn't have "a" default cipher; it implements over 40 subcommands

which use different kinds of ciphers with different defaults or none. You
appear 
to be talking about the 's_client' or 's_server' subcommand, which use the 
library's SSL/TLS default cipherLIST, which contains about 100 ciphersuites 
in preference order. The only differences in this list between 1.0.1l and
1.0.2a 
are that 1.0.2a (also 1.0.1m and 1.0.0r) removes the long-obsolete EXPORT 
suites (finally, perhaps due to the FREAK and Logjam attacks exploiting
them)
and adds newly-implemented static-DH suites, which are ignored unless your 
server has a certificate for a DH key, which in practice nobody does, so
they 
don't affect you (other than further bloating the ClientHello message).

Both 1.0.1 and 1.0.2 have ECDHE-RSA-AES256-SHA ordered before 
DHE-RSA-AES256-SHA, so s_client talking to a server that honors client 
preference should still get the same result, and s_server listening to a 
client that has the same preference should still get the same result.
Whatever changed in your test this wasn't it.

> OpenSSL 1.0.2. The related description in OpenSSL 1.0.2 change log is as
> follows. <snip>
> My question is how to enable automatic EC temporary key parameter
> selection?

Commandline doesn't use that feature (yet?), only updated app code 
using the library. Both 1.0.1 and 1.0.2 default to a fixed curve, P256, and 
allow you to specify any (fixed) named curve, see -named_curve.

> Is it possible to change the default cipher back to ECDHE-RSA-AES256-SHA?

There's no change to be changed back.

All the above assumes that when you identify versions of OpenSSL you 
mean executables compiled from those version source releases without 
modification. If either or both of your executables was built with any 
source changes or any configuration options that alter the release 
behavior, all bets are off; you'll have to look at your specific builds.
E.g. RedHat builds used to nobble all ECC (but that was fixed by 1.0.2a).
If you ARE using release versions, try getting traces (either externally 
with something like wireshark or tcpdump, or internally with -msg and/or 
-debug in either s_client or s_server) to see if anything is materially 
different on the wire (and what).

More information about the openssl-users mailing list