[openssl-users] using NULL ciphers
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Aug 22 18:08:42 UTC 2018
> On Aug 22, 2018, at 1:56 PM, Qi Zeng <qzeng at odva.org> wrote:
>
> I’m trying to use NULL cipher such as ECDHE-ECDSA-NULL-SHA for debugging purpose. With OpenSSL version 1.0.2p, I was able to make it work. However with version 1.1.0i or 1.1.1 prev 9, SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-NULL-SHA") succeeded but SSL_Connect () failed. Is there any way to enable NULL ciphers with version 1.1.0i or later?
Yes, you need to use:
"ECDHE-ECDSA-NULL-SHA:@SECLEVEL=0"
at present there are no separate controls to distinguish between the
authentication security level and the encryption security level, so
this also removes floors on the keys used in the certificates, but
for debugging that should not be an obstacle...
--
Viktor.
More information about the openssl-users
mailing list