[openssl-users] how to control the cipher list of an openssl server
Chris Bare
chris.bare at gmail.com
Mon Mar 12 22:53:42 UTC 2018
I have a fairly basic server set up based on various examples I've seen.
I run an nmap script I found against it and see only 16 ciphers listed,
none of which are supported by modern web browsers.
Yet when I run "openssl ciphers I get a list of 97.
I realize some of these are old and deprecated etc, but where does the
default list come from?
I tried this code to set it to use one of the more modern ciphers shown in
the the openssl ciphers output:
char *ssl_cipher = "ECDHE-ECDSA-AES128-GCM-SHA256";
if(!SSL_CTX_set_cipher_list(jav->ctx, ssl_cipher))
return (false);
but after that the nmap script doesn't find any ciphers.
Any suggestions?
--
Chris Bare
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180312/afd61a11/attachment.html>
More information about the openssl-users
mailing list