[openssl-users] enable TLS_RSA_WITH_RC4_128_MD5 in openssl 1.1.0e?
Matt Caswell
matt at openssl.org
Thu Jun 1 09:41:55 UTC 2017
On 31/05/17 21:22, Siyuan Xiang wrote:
> Hi all,
>
> I have a legacy server only accept TLS_RSA_WITH_RC4_128_MD5 cipher.
>
> I have a client using openssl 1.1.0e. It doesn't include
> TLS_RSA_WITH_RC4_128_MD5.
> I have recompiled the openssl using enable-weak-ssl-ciphers, but it
> doesn't work
> but TLS_RSA_WITH_RC4_128_SHA is in client hello message.
>
> It looks like all MD5 related ciphers are removed. I tried to
> use SSL_CTX_set_security_level to
> set level to 0. but it doesn't work.
>
> Do you have any idea how to enable TLS_RSA_WITH_RC4_128_MD5?
How have you configured your ciphersuite list? I can get this to work in
1.1.0 using s_server and s_client.
Having built with "enable-weak-ssl-ciphers" I start up s_server like this:
$ openssl s_server -cipher "RC4-MD5:@SECLEVEL=0"
And then run s_client like this:
$ openssl s_client -cipher "RC4-MD5:@SECLEVEL=0"
The connection is successful and uses the RC4-MD5 ciphersuite (aka
TLS_RSA_WITH_RC4_128_MD5).
Matt
More information about the openssl-users
mailing list