[openssl-users] AESCBC support in SSL
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Nov 16 15:27:32 UTC 2018
> On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashiquekvk at gmail.com> wrote:
>
> Does SSL connection supports AESCBC?
Yes, but not under that name.
> I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side or in "SSLCipherSuite" at apache server side.
For example (constrained also to RSA and ECDHE to keep the list short):
$ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM'
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
There isn't a cipherlist property that specifically selects CBC, so to
get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM).
--
Viktor.
More information about the openssl-users
mailing list