[openssl-users] Default ciphersuite has changed from 1.0.1l to 1.0.2a?

Aaron wangqun at alumni.nus.edu.sg
Thu May 7 08:56:36 UTC 2015


Hello,

We have an OpenSSL application in which the client calls SSL_connect() to
connect to the server. 

We upgraded the OpenSSL used in our application from 1.0.1l to 1.0.2a
recently.

When OpenSSL 1.0.1l was used, the ciphersuite the client got was
ECDHE_RSA_WITH_AES_256_CBC_SHA. When OpenSSL 1.0.1a is used, we notice that
the ciphersuite the client gets has become DHE_RSA_WITH_AES_256_CBC_SHA.

I traced the OpenSSL 1.0.2a source code. Here is the stack trace.
ssl_get_cipher_by_char()
ssl3_get_server_hello()
ssl3_connect()
SSL_connect()
ssl23_get_server_hello()
ssl23_connect()
SSL_connect()

I noticed that in routine ssl_get_cipher_by_char() the internal cipher name
it gets is DHE_RSA_AES256_SHA, which should correspond to
DHE_RSA_WITH_AES_256_CBC_SHA.

My question is whether this behavior change is expected.

Thanks in advance,
Aaron



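The negotiated suite in a situation like the one above depends on the order in which the client offers suites (and on whether the server honours client or server preference), so the first thing to check is what the client actually offers and in what order, rather than relying on the library's built-in default. The following is an added example, not code from the post or from OpenSSL itself; it uses Python's ssl module as a thin front end to OpenSSL's cipher-list parser, which is the same parser a C client feeds through SSL_CTX_set_cipher_list(). The cipher-list strings PIN_ECDHE_FIRST and the helper names are constructed for this example.

```python
import ssl

# Constructed cipher-list strings (not from the mailing-list post): the first pins
# ECDHE ahead of DHE explicitly, the second is OpenSSL's own built-in keyword whose
# expansion (and therefore order) varies between OpenSSL releases.
PIN_ECDHE_FIRST = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384"
OPENSSL_DEFAULT = "DEFAULT"


def resolve_cipher_order(cipher_spec):
    """Return the TLS 1.2-and-earlier suites, in the order this process would offer
    them, for an OpenSSL cipher-list string.

    TLS 1.3 suites are configured separately in OpenSSL and are not governed by the
    cipher-list string, so they are filtered out to keep the comparison honest."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_spec)
    except ssl.SSLError:
        # OpenSSL rejects a list that resolves to no usable suite at all.
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def key_exchange_of(cipher_name):
    """Classify a suite by its key-exchange family from the OpenSSL name prefix."""
    if cipher_name.startswith("ECDHE-"):
        return "ECDHE"
    if cipher_name.startswith("DHE-"):
        return "DHE"
    return "OTHER"


def first_forward_secret_exchange(cipher_spec):
    """Key-exchange family of the first forward-secret suite the client would offer
    under cipher_spec, or None if it offers none.

    Against a server that honours client preference this is the suite that wins the
    handshake, so it is the value to compare with what is seen on the wire."""
    for name in resolve_cipher_order(cipher_spec):
        kx = key_exchange_of(name)
        if kx in ("ECDHE", "DHE"):
            return kx
    return None


def ecdhe_before_dhe(cipher_spec):
    """True if no DHE suite precedes any ECDHE suite in the offered order."""
    dhe_seen = False
    for name in resolve_cipher_order(cipher_spec):
        kx = key_exchange_of(name)
        if kx == "DHE":
            dhe_seen = True
        elif kx == "ECDHE" and dhe_seen:
            return False
    return True


if __name__ == "__main__":
    # Show what this build's DEFAULT expands to, then the pinned list for contrast.
    for label, spec in (("DEFAULT", OPENSSL_DEFAULT), ("pinned", PIN_ECDHE_FIRST)):
        order = resolve_cipher_order(spec)
        print(f"{label}: {len(order)} suites, first forward-secret exchange: "
              f"{first_forward_secret_exchange(spec)}, ECDHE before DHE: "
              f"{ecdhe_before_dhe(spec)}")
        for name in order[:5]:
            print("   ", name)
```

Running the script against two OpenSSL builds prints each build's DEFAULT expansion, which makes a change in default ordering between releases visible before it shows up as a different suite on the wire. The pinned list shows the defensive alternative: an explicit, ordered cipher list supplied by the application is stable across library upgrades, while the DEFAULT keyword is not.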