<div dir="ltr">Hi Matt,<div><br></div><div>I tried the following command, it failed. following is my command. </div><div><br></div><div>./config enable-weak-ssl-ciphers --prefix=/opt</div><div>make</div><div>make DESTDIR=/path/to/dir INSTALL</div><div><br></div><div><div>$ ./openssl version</div><div>OpenSSL 1.1.0e 16 Feb 2017</div></div><div><br></div><div><div>./openssl s_client -cipher "RC4-MD5:@SECLEVEL=0"<br></div><div><br></div><div><div>error setting cipher list</div><div>140369010624144:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1337:</div></div><div><br></div><div><br></div><div><div>./openssl ciphers "RC4-MD5:@SECLEVEL=0"</div><div>Error in cipher list</div><div>140458428679936:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2018:</div></div><div><br></div><div>However, after I change SSL_CTX_set_XXX function orders, <span style="font-size:12.8px">TLS_RSA_WITH_RC4_128_MD5 do appear in client hello cipher list.</span></div><br> SSL_CTX_set_security_level(ctx, 0);<br> SSL_CTX_set_cipher_list(ctx, "ALL:RC4-MD5");</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">Regards,<br>Siyuan<br>---<br></div></div>
<br><div class="gmail_quote">On Thu, Jun 1, 2017 at 2:41 AM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 31/05/17 21:22, Siyuan Xiang wrote:<br>
> Hi all,<br>
><br>
> I have a legacy server only accept TLS_RSA_WITH_RC4_128_MD5 cipher.<br>
><br>
> I have a client using openssl 1.1.0e. It doesn't include<br>
> TLS_RSA_WITH_RC4_128_MD5.<br>
> I have recompiled the openssl using enable-weak-ssl-ciphers, but it<br>
> doesn't work<br>
> but TLS_RSA_WITH_RC4_128_SHA is in client hello message.<br>
><br>
> It looks like all MD5 related ciphers are removed. I tried to<br>
> use SSL_CTX_set_security_level to<br>
> set level to 0. but it doesn't work.<br>
><br>
> Do you have any idea how to enable TLS_RSA_WITH_RC4_128_MD5?<br>
<br>
</span>How have you configured your ciphersuite list? I can get this to work in<br>
1.1.0 using s_server and s_client.<br>
<br>
Having built with "enable-weak-ssl-ciphers" I start up s_server like this:<br>
<br>
$ openssl s_server -cipher "RC4-MD5:@SECLEVEL=0"<br>
<br>
And then run s_client like this:<br>
<br>
$ openssl s_client -cipher "RC4-MD5:@SECLEVEL=0"<br>
<br>
The connection is successful and uses the RC4-MD5 ciphersuite (aka<br>
TLS_RSA_WITH_RC4_128_MD5).<br>
<span class="HOEnZb"><font color="#888888"><br>
Matt<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br></div>