cipherlist with only tlsv1.3 ciphers reports error?

PGNet Dev pgnet.dev at gmail.com
Fri Jul 19 21:16:30 UTC 2019 

> Works for me:
> $ openssl ciphers  -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'


simplifying to build defaults

	./config -v \
	 --prefix=/usr/local/ssl-test \
	 --openssldir=/usr/local/ssl-test \
	 --libdir=lib64 \
	 -Wl,-rpath=/usr/local/ssl-test/lib64
	make depend
	make

builds with no apparent errors.

tests pass

	make test
		...
		All tests successful.
		Files=155, Tests=1410, 187 wallclock secs ( 7.50 usr  1.48 sys + 159.26 cusr 37.30 csys = 205.54 CPU)
		Result: PASS
		make[1]: Leaving directory '/usr/local/src/openssl11/openssl-1.1.1c'

and after install

	make install_sw

reports

	/usr/local/ssl-test/bin/openssl version
		OpenSSL 1.1.1c  28 May 2019

	/usr/local/ssl-test/bin/openssl version -f -p
		platform: linux-x86_64
		compiler: /usr/bin/gcc-9 -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG

	ldd /usr/local/ssl-test/bin/openssl
	        linux-vdso.so.1 (0x00007ffe91be9000)
	        libssl.so.1.1 => /usr/local/ssl-test/lib64/libssl.so.1.1 (0x00007f5e52c96000)
	        libcrypto.so.1.1 => /usr/local/ssl-test/lib64/libcrypto.so.1.1 (0x00007f5e527b0000)
	        libdl.so.2 => /lib64/libdl.so.2 (0x00007f5e525ac000)
	        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5e5238e000)
	        libc.so.6 => /lib64/libc.so.6 (0x00007f5e51fd4000)
	        /lib64/ld-linux-x86-64.so.2 (0x00007f5e531df000)

still fails as above,

	/usr/local/ssl-test/bin/openssl ciphers -v 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'

		Error in cipher list
		139704422536256:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:

	/usr/local/ssl-test/bin/openssl ciphers -v ECDHE-ECDSA-AES256-GCM-SHA384
		TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
		TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
		TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
		ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD


also, checking the DISTRO-build,

	/usr/bin/openssl version
		OpenSSL 1.1.0i-fips  14 Aug 2018

fails too,

	/usr/bin/openssl ciphers -v 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'
		Error in cipher list
		140437655795520:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2193:

More information about the openssl-users mailing list