how to enable DHE ciphers on openssl for using on command line

M K Saravanan mksarav at gmail.com
Wed Nov 17 13:33:57 UTC 2021


> I am extremely for making such a basic stupid mistake.

I am extremely sorry.

On Wed, 17 Nov 2021 at 21:19, M K Saravanan <mksarav at gmail.com> wrote:
>
> Thanks Matt.
>
> I am extremely for making such a basic stupid mistake.
>
> On Wed, 17 Nov 2021 at 18:33, Matt Caswell <matt at openssl.org> wrote:
> >
> >
> >
> > On 17/11/2021 08:25, M K Saravanan wrote:
> > > Hi,
> > >
> > > Do I need to do any config to enable DHE based ciphers in openssl for
> > > command line usage?
> > >
> > > $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect
> > > 10.10.16.100:443
> >
> > You have the wrong name for this ciphersuite. OpenSSL uses its own
> > naming scheme. The mapping between the names you will see in the
> > specification and OpenSSL names are on this page:
> >
> > https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
> >
> > The OpenSSL name for this particular ciphersuite is
> > "DHE-RSA-AES128-GCM-SHA256"
> >
> > Matt
> >
> >
> >
> > > Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256"
> > > 139775998456896:error:140E6118:SSL
> > > routines:ssl_cipher_process_rulestr:invalid
> > > command:ssl/ssl_ciph.c:1028:
> > >
> > > mksarav at ubuntu1804:~$ openssl version
> > > OpenSSL 1.1.1d  10 Sep 2019
> > >
> > > Non DHE ciphers are working fine with the above command option.  Are
> > > they purposely removed for security reasons? I need to use DHE ciphers
> > > for some testing purpose. Is there anyway can I use it?
> > >
> > >
> > > with regards,
> > > Saravanan
> > >


More information about the openssl-users mailing list