Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
Matt Caswell
matt at openssl.org
Mon Dec 7 15:18:33 UTC 2020
On 07/12/2020 14:26, Jakob Bohm via openssl-users wrote:
>>> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope
>> This one was only ever used in the SSLv2 implementation. Since no one
>> uses SSLv2 any more and it is considered highly insecure its
>> implementation was removed some while ago. So the reason code was also
>> deleted.
> So what error is returned by SSL3/TLS1.x when the client (erroneously)
> offers an empty cipher list?
Offering no ciphers at all would actually be a protocol error (since the
RFCs require at least one ciphersuite to be sent). We actually treat it
the same way as if none of the clients offered ciphersuites match with
the server's list. The error in this case is SSL_R_NO_SHARED_CIPHER.
Matt
More information about the openssl-users
mailing list