[openssl-users] Cipher preference, openssl vs browsers
Bogdan Harjoc
harjoc at gmail.com
Tue Jul 19 09:16:05 UTC 2016
When connecting to a TLS 1.2 webserver that uses a weak 512-bit DH key,
I noticed that browsers (Chrome, Firefox) select
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
and OpenSSL, due to the cipher list, selects
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
The command is:

    openssl s_client -connect 112.175.90.160:443 -cipher DEFAULT:!EDH-RSA-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA:-ECDH:-EXPORT:-DES:-SEED:-RC4:-PSK:-IDEA:ECDHE-RSA-AES128-SHA

The error is: dh key too small:.\ssl\s3_clnt.c:3424
From a client that uses the OpenSSL libs, what would the correct
workaround be? Try to figure out that the DH key is too small and
retry with the DHE ciphers disabled? Or reorder the ciphers? Given
that cipher order can lead to failed handshakes, is there a correct
order for HTTPS clients?
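An added example (not part of the original post, and not OpenSSL project code) showing both options the question raises, using Python's ssl module on top of OpenSSL. It builds a client cipher string that offers ECDHE suites ahead of DHE suites, as the browsers in the report do, inspects the order OpenSSL actually produces from that string, and wraps the connection in a retry that drops DHE entirely when the handshake fails with "dh key too small". The cipher string PREFER_ECDHE, the helper names and the fallback policy are assumptions of this example; the host and port are whatever the caller passes. Two caveats a practitioner should keep in mind: the client order is only a preference, since the server picks the suite, so a server that prefers DHE will still choose it unless DHE is excluded; and the only change that is guaranteed to avoid the weak group is removing DHE from the offer, which is why the example falls back to that rather than trying further reorderings.

```python
import socket
import ssl

# Assumed client cipher string (not from the original post): ECDHE suites
# first, DHE suites second, anonymous/null/export/legacy suites excluded.
PREFER_ECDHE = (
    "ECDHE+AESGCM:ECDHE+AES:"
    "DHE+AESGCM:DHE+AES:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK"
)

# Reason string OpenSSL reports for SSL_R_DH_KEY_TOO_SMALL (seen in the post).
DH_TOO_SMALL = "dh key too small"


def negotiated_order(spec):
    """Return the cipher names OpenSSL will offer for `spec`, in offer order.

    TLS 1.3 suites are configured separately from the cipher string and are
    listed first by OpenSSL 1.1.1+; they are dropped here so the result shows
    only what the cipher string controls.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def spec_without_dhe(spec):
    """Fallback cipher string: remove every DHE suite so the server cannot
    choose the weak DH group at all."""
    return spec + ":!DHE"


def is_dh_too_small(err):
    """True if an ssl.SSLError came from OpenSSL rejecting the server's DH key."""
    return DH_TOO_SMALL in str(err).lower()


def connect_with_fallback(host, port, spec=PREFER_ECDHE, timeout=10):
    """Connect with `spec`; if the server forces a DHE suite whose DH key
    OpenSSL rejects, retry once with DHE excluded.

    Returns (ssl_socket, negotiated_cipher_name). Raises the last SSLError
    if the fallback also fails.
    """
    attempts = (spec, spec_without_dhe(spec))
    for i, attempt_spec in enumerate(attempts):
        ctx = ssl.create_default_context()  # keeps certificate verification on
        ctx.set_ciphers(attempt_spec)
        raw = socket.create_connection((host, port), timeout=timeout)
        try:
            tls = ctx.wrap_socket(raw, server_hostname=host)
            return tls, tls.cipher()[0]
        except ssl.SSLError as err:
            raw.close()
            last_attempt = i == len(attempts) - 1
            if last_attempt or not is_dh_too_small(err):
                raise
            # Weak DH group on the server: retry with DHE suites removed.


if __name__ == "__main__":
    # Offline check of the offer order produced by the cipher string.
    for name in negotiated_order(PREFER_ECDHE):
        print(name)
    print("fallback spec:", spec_without_dhe(PREFER_ECDHE))
```

Run it as a script to print the offer order your OpenSSL build derives from the cipher string; call connect_with_fallback(host, 443) to exercise the retry against a real server. In the original command the `-ECDH` entry removes all ECDHE suites and `ECDHE-RSA-AES128-SHA` at the end re-adds only that one in last position, which is why the example builds the preference with the ECDHE group first instead of appending single suites.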