how to enable DHE ciphers on openssl for using on command line

Matt Caswell matt at openssl.org
Wed Nov 17 10:33:24 UTC 2021



On 17/11/2021 08:25, M K Saravanan wrote:
> Hi,
> 
> Do I need to do any config to enable DHE based ciphers in openssl for
> command line usage?
> 
> $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect
> 10.10.16.100:443

You have the wrong name for this ciphersuite. OpenSSL uses its own 
naming scheme. The mapping between the names you will see in the 
specification and OpenSSL names is on this page:

https://www.openssl.org/docs/man1.1.1/man1/ciphers.html

The OpenSSL name for this particular ciphersuite is 
"DHE-RSA-AES128-GCM-SHA256"

Matt



> Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256"
> 139775998456896:error:140E6118:SSL
> routines:ssl_cipher_process_rulestr:invalid
> command:ssl/ssl_ciph.c:1028:
> 
> mksarav at ubuntu1804:~$ openssl version
> OpenSSL 1.1.1d  10 Sep 2019
> 
> Non-DHE ciphers are working fine with the above command option.  Are
> they purposely removed for security reasons? I need to use DHE ciphers
> for some testing purpose. Is there any way I can use it?
> 
> 
> with regards,
> Saravanan
> 
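
The name mapping described in the reply can be resolved from the listing that `openssl ciphers -stdname` prints (RFC name, a dash, then the OpenSSL name and protocol). The script below is an added example, not part of the original thread or of OpenSSL; the function names and the sample listing are constructed for illustration. It goes slightly beyond the thread by also picking the `s_client` option, since TLSv1.3 suites are set with `-ciphersuites` rather than `-cipher`.

```shell
#!/bin/sh
# Constructed sample in the format of `openssl ciphers -stdname` output
# (typed by hand for this example, not captured from a real host).
sample_table() {
cat <<'EOF'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
TLS_RSA_WITH_AES_128_GCM_SHA256 - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
EOF
}

# lookup NAME: read a -stdname listing on stdin, print "<openssl-name> <protocol>".
# NAME may be the RFC name with or without the TLS_ prefix, or an OpenSSL name.
# Matching is exact, so a DHE name never matches the ECDHE row. Exit 1 if absent.
lookup() {
    awk -v want="$1" '
        BEGIN { alt = "TLS_" want }
        $2 == "-" && ($1 == want || $1 == alt || $3 == want) {
            print $3, $4; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# to_openssl_name NAME: print only the OpenSSL name for NAME.
to_openssl_name() {
    row=$(lookup "$1") || return 1
    printf '%s\n' "${row%% *}"
}

# s_client_cipher_args NAME: print the s_client option and value for NAME.
s_client_cipher_args() {
    row=$(lookup "$1") || { echo "unknown ciphersuite: $1" >&2; return 1; }
    case "${row#* }" in
        TLSv1.3) printf '%s\n' "-ciphersuites ${row%% *}" ;;
        *)       printf '%s\n' "-cipher ${row%% *}" ;;
    esac
}

# Demo against the constructed sample, using the name from the question.
sample_table | s_client_cipher_args DHE_RSA_WITH_AES_128_GCM_SHA256
# Against a real build, pipe the local listing in instead:
#   openssl ciphers -stdname 'ALL' | s_client_cipher_args DHE_RSA_WITH_AES_128_GCM_SHA256
```

A name that the local listing does not contain makes the functions return non-zero, which separates a misspelled name from a suite that the build does not offer at all.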

