[openssl-users] The default cipher of executable 'openssl'

Aaron wangqun at alumni.nus.edu.sg
Wed Jun 10 07:47:05 UTC 2015


We are using executable 'apps/openssl' in our test cases. We upgraded from
OpenSSL 1.0.1l to OpenSSL 1.0.2a recently. Since then one of our test cases
started to fail. After checking, I noticed that the default cipher of
'openssl' was changed from ECDHE-RSA-AES256-SHA to DHE-RSA-AES256-SHA in
OpenSSL 1.0.2. The related description in OpenSSL 1.0.2 change log is as

474   *) Support for automatic EC temporary key parameter selection. If
475      the most preferred EC parameters are automatically used instead of 
476      hardcoded fixed parameters. Now a server just has to call: 
477      SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically 
478      support ECDH and use the most appropriate parameters. 
479      [Steve Henson] 

My question is how to enable automatic EC temporary key parameter selection?
Is it possible to change the default cipher back to ECDHE-RSA-AES256-SHA?


View this message in context: http://openssl.6102.n7.nabble.com/The-default-cipher-of-executable-openssl-tp58557.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list