How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Satyam Mehrotra satyam226 at gmail.com
Sun Oct 25 07:27:00 UTC 2020 

Hello Everyone,

I have just joined the openssl users community.
My requirement is to have the SSLv3 and weak ciphers enable  with openssl
installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with
openssl-1.1.1h installation

I have followed the below steps

1)  *./config -enable-weak-ssl-ciphers*


*2) The Makefile looks as below*

*===============================*


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl,
Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug
no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd
no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2
no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)"
"libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
engines/ossltest.so engines/padlock.so

@


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      *./openssl ciphers -V*

*       Segmentation fault (core dumped)*


*Can someone help me in resolving this issue ?*


If i don't use option* "**-enable-weak-ssl-ciphers "  *then the above issue
is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201025/07c446c0/attachment.html>

More information about the openssl-users mailing list