[openssl-users] Getting info on the ciphers supported by a client
Christian Georg
christian.georg at cologne-intelligence.de
Mon Mar 9 08:35:55 UTC 2015
Hi Steve,
thanks for the feedback. I was trying this again this morning and noticed a mistake I made. Not sure if this is intended behaviour.
When combining the -www and -brief options in one call, -brief does not create any output to stdout.
So when using this:
/usr/local/openssl-1.0.2/bin/openssl s_server -brief -key server.pem -cert server.pem -accept 6011
I got the expected output on stdout (including the unknown ciphers).
When using this:
/usr/local/openssl-1.0.2/bin/openssl s_server -brief -www -key server.pem -cert server.pem -accept 6011
I am not getting the output expected from -brief on stdout and the unknown ciphersuites are also not showing up. I thought that by using -www I would be getting back a proper HTTP response (with an info page) and in addition all output on the server. This does not seem to be the case.
As I do not need both outputs at the same time, I can open separate servers for output to browser-based systems and apps calling a webservice.
Cheers
Chris
-----------------------------------------------
-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, 6 March 2015 21:05
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Getting info on the ciphers supported by a client
On Fri, Mar 06, 2015, Christian Georg wrote:
>
> Any recommendations on how I can solve my issues without changing the openssl code and add this manually?
>
I'm not sure OpenSSL can do exactly what you want: 1.0.2 has an option to return the raw ciphersuite list sent by the client. The s_server utility will print this out if you set the -brief option. Ciphersuites OpenSSL doesn't recognise are then printed out in hex form.
For example a recent version of Chrome shows:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:0xCC14:0xCC13:0xCC15:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:SCSV
The three hex values correspond to:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x13}
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x15}
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
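The following Python sketch is an added example, not part of the original thread or of OpenSSL: it parses a cipher list in the colon-separated form that the reply above quotes from s_server -brief and names the hex tokens using only the three code points given there. The function names are hypothetical, and it is assumed that the list has already been cut out of the s_server output.

```python
import re

# Code points Dr. Henson lists in the reply above; no other mappings are assumed.
HEX_NAMES = {
    (0xCC, 0x13): "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    (0xCC, 0x14): "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    (0xCC, 0x15): "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
HEX_TOKEN = re.compile(r"0x([0-9A-Fa-f]{2})([0-9A-Fa-f]{2})")

# The Chrome list quoted in the reply above, copied verbatim.
CHROME_LIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:0xCC14:0xCC13:0xCC15:"
    "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:"
    "ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:"
    "AES256-SHA:AES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:SCSV"
)

def parse_cipher_list(text):
    """Return one dict per token, in the client's preference order."""
    entries = []
    tokens = [t.strip() for t in text.split(":") if t.strip()]
    for pos, tok in enumerate(tokens):
        m = HEX_TOKEN.fullmatch(tok)
        if m:
            # Suite the local OpenSSL build has no name for.
            code = (int(m.group(1), 16), int(m.group(2), 16))
            entry = {"kind": "unrecognised", "code": code,
                     "name": HEX_NAMES.get(code)}
        elif tok == "SCSV":
            # Signalling cipher suite value, not a negotiable cipher.
            entry = {"kind": "signalling", "code": None, "name": tok}
        else:
            entry = {"kind": "named", "code": None, "name": tok}
        entry.update(pos=pos, token=tok)
        entries.append(entry)
    return entries

def unresolved(entries):
    """Hex tokens that the table above cannot name."""
    return [e["token"] for e in entries
            if e["kind"] == "unrecognised" and e["name"] is None]

if __name__ == "__main__":
    for e in parse_cipher_list(CHROME_LIST):
        print(e["pos"], e["kind"], e["name"] or e["token"])
```

Any token returned by unresolved() is a suite the client offered that neither the local OpenSSL build nor the three-entry table can name.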