[openssl-users] enable TLS_RSA_WITH_RC4_128_MD5 in openssl 1.1.0e?

Matt Caswell matt at openssl.org
Thu Jun 1 09:41:55 UTC 2017

On 31/05/17 21:22, Siyuan Xiang wrote:
> Hi all, 
> I have a legacy server only accept TLS_RSA_WITH_RC4_128_MD5 cipher. 
> I have a client using openssl 1.1.0e. It doesn't include
> TLS_RSA_WITH_RC4_128_MD5. 
> I have recompiled the openssl using  enable-weak-ssl-ciphers, but it
> doesn't work
> but  TLS_RSA_WITH_RC4_128_SHA  is in client hello message. 
> It looks like all MD5 related ciphers are removed.  I tried to
> use SSL_CTX_set_security_level to 
> set level to 0. but it doesn't work. 
> Do you have any idea how to enable TLS_RSA_WITH_RC4_128_MD5? 

How have you configured your ciphersuite list? I can get this to work in
1.1.0 using s_server and s_client.

Having built with "enable-weak-ssl-ciphers" I start up s_server like this:

$ openssl s_server -cipher "RC4-MD5:@SECLEVEL=0"

And then run s_client like this:

$ openssl s_client -cipher "RC4-MD5:@SECLEVEL=0"

The connection is successful and uses the RC4-MD5 ciphersuite (aka


More information about the openssl-users mailing list