Openssl TLSv1.3 ciphers failing during handshake
Matt Caswell
matt at openssl.org
Wed Jul 12 09:10:47 UTC 2023
On 12/07/2023 09:06, kgoudra--- via openssl-users wrote:
> 139821832050432:error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no
> ciphers available:ssl/statem/statem_clnt.c:3802:No ciphers enabled for
> max supported SSL/TLS version
This tells us that it thinks you have not configured any ciphers
suitable for the highest TLS protocol version it thinks it can use.
>
> *const char *cipher_list =
> "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";*
>
> *SSL_CTX_set_cipher_list(pCtx, "");*
>
> *SSL_CTX_set_ciphersuites(pCtx, cipher_list);*
This disables all ciphers for <= TLSv1.2 - which would be consistent
with the above error message if it believes that the highest protocol
version it supports is <= TLSv1.2.
What SSL_METHOD are you using in the client when you create the SSL_CTX?
i.e. what parameter do you pass to `SSL_CTX_new()`?
Matt
More information about the openssl-users
mailing list