<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>just find it, </div><div> server respect client's cipher preference by default, </div><div><span style="color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px;"> it selects the suite preferred by client among the cipherlist that both the client and server support.</span></div><div> so it's not enough to just increase RSA cipher priority on server side , </div><div> <span style="color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px;">SSL_OP_CIPHER_SERVER_PREFERENCE will make the server select the suite that itself most prefer among </span><span style="color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px;">the cipherlist that both the client and server support</span><span style="color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px;">.</span></div><br><div style="position:relative;zoom:1"></div><div id="divNeteaseMailCard"></div><br>在 2017-09-26 15:15:10,"李明" <mid_li@163.com> 写道:<br> <blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hello, </div><div> Currently, openssl prefer (EC)DHE handshakes over plain RSA, but (EC)DHE cost much more resouces than RSA.</div><div> In order to get higher performance , I want to <span style="color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px; line-height: 24px; background-color: rgb(242, 242, 242);"><span class="Apple-converted-space"> </span></span><span id="blng_tran_14_6" data-aligning="#blng_src_14_7,#blng_tran_14_6" class="" style="margin: 0px; padding: 0px; border: 0px; outline: 0px; color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px; line-height: 24px; background-color: rgb(242, 242, 242);">prioritize RSA related ciphers, does anyone knows how to do it.</span></div><div><span data-aligning="#blng_src_14_7,#blng_tran_14_6" class="" style="margin: 0px; padding: 0px; border: 0px; outline: 0px; color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px; line-height: 24px; background-color: rgb(242, 242, 242);"> </span></div><div><span data-aligning="#blng_src_14_7,#blng_tran_14_6" class="" style="margin: 0px; padding: 0px; border: 0px; outline: 0px; color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px; line-height: 24px; background-color: rgb(242, 242, 242);"> I have tried cipherlist "</span><span style="color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px;">RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL</span><span style="background-color: rgb(242, 242, 242); color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px;">" , it looks fine in openssl command line</span></div><div><span data-aligning="#blng_src_14_7,#blng_tran_14_6" class="" style="margin: 0px; padding: 0px; border: 0px; outline: 0px; color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px; line-height: 24px; background-color: rgb(242, 242, 242);"> </span><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">./openssl ciphers -v 'RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL' </span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD</span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;"><br></span></font></div><div><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;"> but, after SSL_CTX_set_cipher_list(ctx, "</span></font><span style="color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic"; font-size: 12px;">RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL</span><span style="font-size: 12px; color: rgb(67, 67, 67); font-family: Tahoma, Arial, 宋体, "Malgun Gothic";">") in my application, it didn't work, the first choice is still </span><font color="#434343" face="Tahoma, Arial, 宋体, Malgun Gothic"><span style="font-size: 12px;">ECDHE-RSA-AES256-GCM-SHA384</span></font></div></div><br><br><span title="neteasefooter"><div id="netease_mail_footer"><div style="border-top:#CCC 1px solid;padding:10px 5px;font-size:17px;color:#777;line-height:22px"><a href="http://you.163.com/item/detail?id=1183001&from=web_gg_mail_jiaobiao_7" target="_blank" style="color:#3366FF;text-decoration:none">【网易自营】好吃到爆!鲜香弹滑加热即食,经典13香/麻辣小龙虾仅75元3斤>> </a>
</div></div></span></blockquote></div><br><br><span title="neteasefooter"><div id="netease_mail_footer"><div style="border-top:#CCC 1px solid;padding:10px 5px;font-size:17px;color:#777;line-height:22px"><a href="http://you.163.com/item/detail?id=1165011&from=web_gg_mail_jiaobiao_9" target="_blank" style="color:#3366FF;text-decoration:none">【网易自营|30天无忧退货】仅售同款价1/4!MUJI制造商“2017秋冬舒适家居拖鞋系列”限时仅34.9元>> </a>
</div></div></span>