[openssl-users] When ciphers are deprecated?

Matt Caswell matt at openssl.org
Wed Nov 30 09:58:03 UTC 2016

On 30/11/16 09:35, Mattia Rossi wrote:
> Hi all,
> After updating from 1.0.2h to 1.0.2j some of my PHP script is broken,
> because it can't connect to the server, after some research the server
> supports very old TLSv1.0 ciphers.
> So i check what ciphers PHP query for and with different versions of
> openssl i get different result, so in libssl 1.0.2h i have these
> chipers:
> In the last version i haven't.
> Where is the information when ciphers are dropped? and why?

These ciphers have not been dropped in 1.0.2, but reclassified from the
"HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major
changes such as these are normally described in the CHANGES file:


In this case, the following entry is relevant:

  *) In order to mitigate the SWEET32 attack, the DES ciphers were moved
     HIGH to MEDIUM.

     This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
     Leurent (INRIA)
     [Rich Salz]

You can read more about SWEET32 here:



More information about the openssl-users mailing list