[openssl-users] The default cipher of executable 'openssl'
dthompson at prinpay.com
Thu Jun 11 10:03:39 UTC 2015
> From: openssl-users On Behalf Of Aaron
> Sent: Wednesday, June 10, 2015 03:47
> We are using executable 'apps/openssl' in our test cases. We upgraded from
> OpenSSL 1.0.1l to OpenSSL 1.0.2a recently. Since then one of our test
> started to fail. After checking, I noticed that the default cipher of
> 'openssl' was changed from ECDHE-RSA-AES256-SHA to DHE-RSA-AES256-SHA
'openssl' doesn't have "a" default cipher; it implements over 40 subcommands
which use different kinds of ciphers with different defaults or none. You
to be talking about the 's_client' or 's_server' subcommand, which use the
library's SSL/TLS default cipherLIST, which contains about 100 ciphersuites
in preference order. The only differences in this list between 1.0.1l and
are that 1.0.2a (also 1.0.1m and 1.0.0r) removes the long-obsolete EXPORT
suites (finally, perhaps due to the FREAK and Logjam attacks exploiting
and adds newly-implemented static-DH suites, which are ignored unless your
server has a certificate for a DH key, which in practice nobody does, so
don't affect you (other than further bloating the ClientHello message).
Both 1.0.1 and 1.0.2 have ECDHE-RSA-AES256-SHA ordered before
DHE-RSA-AES256-SHA, so s_client talking to a server that honors client
preference should still get the same result, and s_server listening to a
client that has the same preference should still get the same result.
Whatever changed in your test this wasn't it.
> OpenSSL 1.0.2. The related description in OpenSSL 1.0.2 change log is as
> follows. <snip>
> My question is how to enable automatic EC temporary key parameter
Commandline doesn't use that feature (yet?), only updated app code
using the library. Both 1.0.1 and 1.0.2 default to a fixed curve, P256, and
allow you to specify any (fixed) named curve, see -named_curve.
> Is it possible to change the default cipher back to ECDHE-RSA-AES256-SHA?
There's no change to be changed back.
All the above assumes that when you identify versions of OpenSSL you
mean executables compiled from those version source releases without
modification. If either or both of your executables was built with any
source changes or any configuration options that alter the release
behavior, all bets are off; you'll have to look at your specific builds.
E.g. RedHat builds used to nobble all ECC (but that was fixed by 1.0.2a).
If you ARE using release versions, try getting traces (either externally
with something like wireshark or tcpdump, or internally with -msg and/or
-debug in either s_client or s_server) to see if anything is materially
different on the wire (and what).
More information about the openssl-users