[EXTERNAL] Re: Openssl TLSv1.3 ciphers failing during handshake

Matt Caswell matt at openssl.org
Wed Jul 12 10:12:01 UTC 2023


Yes, TLSv1_client_method() is deprecated for exactly this reason.

Regards

Matt

On 12/07/2023 10:54, kgoudra at ups.com wrote:
> Hi,
> 
> Just noticed we are passing TLSv1_client_method().
> I changed it to TLS_client_method() now, after which I am able to make connection with TLSv1.3
> 
> Thanks for your guidance!
> 
> Thanks
> -----Original Message-----
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Matt Caswell
> Sent: Wednesday, July 12, 2023 3:11 AM
> To: openssl-users at openssl.org
> Subject: [EXTERNAL] Re: Openssl TLSv1.3 ciphers failing during handshake
> 
> CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.
> 
> ======================================================================
> 
> 
> On 12/07/2023 09:06, kgoudra--- via openssl-users wrote:
>> 139821832050432:error:141A90B5:SSL
>> routines:ssl_cipher_list_to_bytes:no
>> ciphers available:ssl/statem/statem_clnt.c:3802:No ciphers enabled for
>> max supported SSL/TLS version
> 
> This tells us that it thinks you have not configured any ciphers suitable for the highest TLS protocol version it thinks it can use.
> 
>>
>> *const char *cipher_list =
>> "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_S
>> HA256";*
>>
>> *SSL_CTX_set_cipher_list(pCtx, "");*
>>
>> *SSL_CTX_set_ciphersuites(pCtx, cipher_list);*
> 
> 
> This disables all ciphers for <= TLSv1.2 - which would be consistent with the above error message if it believes that the highest protocol version it supports is <= TLSv1.2.
> 
> What SSL_METHOD are you using in the client when you create the SSL_CTX?
> i.e. what parameter do you pass to `SSL_CTX_new()`?
> 
> Matt


More information about the openssl-users mailing list