[openssl-users] AESCBC support in SSL

ASHIQUE CK ckashiquekvk at gmail.com
Mon Nov 19 05:53:53 UTC 2018


Is it the problem with that strings or  TLS/SSL version or any other ?

On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <ckashiquekvk at gmail.com> wrote:

> Hi,
> I had given all the cipher strings for  "SSL_CTX_set_cipher_list" which we
> get under the command 'openssl ciphers' that includes CBC, but any of them
> didnot worked. All of them showed the error "error:141640B5:SSL
> routines:tls_construct_client_hello:no ciphers available". I have used
> TLSv1_2 or SSLv23.
> Also I have tried setting  these strings for "SSLCipherSuite" at apache
> server configuration. But it makes no change for choosing the server
> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384".
>
> Thanks
>
> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni <
> openssl-users at dukhovni.org> wrote:
>
>>
>>
>> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashiquekvk at gmail.com> wrote:
>> >
>> > Does SSL connection supports AESCBC?
>>
>> Yes, but not under that name.
>>
>> >  I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side or
>> in "SSLCipherSuite" at apache server side.
>>
>> For example (constrained also to RSA and ECDHE to keep the list short):
>>
>>   $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM'
>>   ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
>>   ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
>>
>> There isn't a cipherlist property that specifically selects CBC, so to
>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM).
>>
>> --
>>         Viktor.
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181119/ac18c6b6/attachment.html>


More information about the openssl-users mailing list