[openssl-users] The default cipher of executable 'openssl'
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jun 12 06:46:52 UTC 2015
On Thu, Jun 11, 2015 at 11:19:17PM -0700, Aaron wrote:
> Right, I am talking about s_server subcommand. You mentioned that there is
> no change in this area. However I can easily show something has changed using
> s_server subcommand. I am using original OpenSSL code to build my 'openssl',
> so this change is not from me.
>
> 1) 1.0.1l
> ./apps/openssl s_server -ssl3 -cert certdb/ssl_server.pem -WWW -CAfile
> certdb/cafile.pem
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT

With SSL 3.0, no extension support, thus no supported curves
extension, thus ideally no ECDHE support. If ECDHE happened anyway
with earlier releases, that was a bug that is perhaps now fixed.

> 2) 1.0.2
> ./apps/openssl s_server -ssl3 -cert certdb/ssl_server.pem -WWW -CAfile
> certdb/cafile.pem
> Using default temp DH parameters
> ACCEPT
>
> Note that, in 1.0.2, openssl doesn't print out 'Using default temp ECDH
> parameters'.

To get ECDHE support, use TLSv1.0 or later.

--
Viktor.
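
Added example, not part of Viktor's message and not OpenSSL's code: a minimal Python parser for a ClientHello body that applies the rule described in the reply (ECDHE only when the client speaks TLS 1.0 or later and sends the supported curves extension). The function names and the sample messages are constructed for illustration.

```python
import struct

SSL3, TLS1_0 = 0x0300, 0x0301
EXT_SUPPORTED_CURVES = 10        # "elliptic_curves" extension type (RFC 4492)
SUITES = [0xC013, 0x002F]        # ECDHE-RSA-AES128-SHA, AES128-SHA

def _u16s(values):
    return b"".join(struct.pack("!H", v) for v in values)

def build_client_hello(version, suites, curves=None):  # constructed sample body
    # No record or handshake header: version, random, empty session_id first.
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    # Cipher suite list, then "null compression only".
    body += struct.pack("!H", 2 * len(suites)) + _u16s(suites) + b"\x01\x00"
    if curves is not None:       # the extensions block is optional on the wire
        lst = _u16s(curves)
        ext = struct.pack("!HHH", EXT_SUPPORTED_CURVES, len(lst) + 2, len(lst)) + lst
        body += struct.pack("!H", len(ext)) + ext
    return body

def parse_client_hello(body):
    """Return (client_version, {ext_type: ext_data}); ValueError if malformed."""
    try:
        (version,) = struct.unpack_from("!H", body, 0)
        off = 34                                   # skip version + random
        off += 1 + body[off]                       # session_id
        (n,) = struct.unpack_from("!H", body, off)
        off += 2 + n                               # cipher_suites
        off += 1 + body[off]                       # compression_methods
        exts = {}
        if off != len(body):                       # what remains is the extensions block
            (total,) = struct.unpack_from("!H", body, off)
            off += 2
            if off + total != len(body):
                raise ValueError("bad extensions length")
            while off < len(body):
                etype, elen = struct.unpack_from("!HH", body, off)
                off += 4
                if off + elen > len(body):
                    raise ValueError("extension overruns message")
                exts[etype] = body[off:off + elen]
                off += elen
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello")
    return version, exts

def ecdhe_eligible(body):
    """Rule from the reply: ECDHE needs TLS 1.0+ and the supported curves extension."""
    version, exts = parse_client_hello(body)
    return version >= TLS1_0 and EXT_SUPPORTED_CURVES in exts
```
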