[openssl-users] Disable EXPORT cipher suites during compilation

Wayming Zhang wayming.z at gmail.com
Mon Jul 20 12:49:16 UTC 2015


Hi Pratyush,

Had a quick search in the source, seems like "no-exp" doesn't change 
anything. OPENSSL_NO_EXP is defined(by opensslconf.h) when "no-exp" is 
specified with Configuration command, however, it is not used at all.

Regards
Way

On 17/07/15 03:19, pratyush parimal wrote:
> Hi everyone,
>
> I am trying to disable the EXPORT ciphers in my OpenSSL code, during 
> compile-time.
>
> I'm able to do so at runtime by including '!EXP' in the string I use 
> with SSL_CTX_set_cipher_list(). However, I'm wondering is there an 
> option (like 'no-rc5') that I can pass to Configure?
>
> ./Configure --help says that I can use no-<cipher> to disable stuff, 
> so I used no-exp, but I think that didn't work since the list of 
> ciphers I get from SSL_get_ciphers() still includes EXP-... ciphers.
>
> So does anyone know of a way to compile them out?
>
> Thanks,
> Pratyush
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150720/b8d92fad/attachment.html>


More information about the openssl-users mailing list