[openssl-users] Integrating New Cipher Suite

Dr. Stephen Henson steve at openssl.org
Tue Apr 18 11:59:51 UTC 2017

On Fri, Apr 14, 2017, Schmicker, Robert wrote:

> After some debugging (exactly as mentioned above) it appears that the cipher suite does not show up in the ClientHello using the s_client/s_server. I modified the cipher for testing to use 512 bits instead of 64 so that it is ranked highest.
> Error server side:
> SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1979
> Error Client side:
> SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80
> Any idea why the cipher would appear under the list of supported tls1.2 ciphers, yet it does not appear under the ClientHello even if specified with the -cipher option?

Hmm... it's not clear why the cipher isn't being sent in client hello. What
output do you get with -security_debug_verbose option? Also try including
@SECLEVEL=0 in the cipher string.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list