[openssl-users] Using weak ciphers in OpenSSL v 1.1.0e client

gerritvn gerritvn at gpvno.co.za
Wed Jun 7 16:13:17 UTC 2017


We are using OpenSSL in a terminal emulation product.
We recently upgraded from OpenSSL v 1.0.2g to OpenSSL v 1.1.0e.
Some servers we connect to do not support any of the strong ciphers which
are compiled by default in OpenSSL v 1.1.0e and returns an alert with
"handshake error". 
We recompiled with the option "enable-weak-ssl-ciphers", but that does not
solve the problem.
With OpenSSL v 1.0.2g one specific server selected the Cipher Suite:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) which is shown as DES-CBC3-SHA by
OpenSSL
Listing ciphers with our OpenSSL 1.1.0e "enable-weak-ssl-ciphers" build with
the command:
openssl ciphers -v "ALL:@SECLEVEL=0" 
shows this entry:
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
This cipher is, however, not offered in the Client Hello when our client
opens the connection.

What do we need to add to our program to get our client to offer the weak
ciphers as well as the strong ones?





--
View this message in context: http://openssl.6102.n7.nabble.com/Using-weak-ciphers-in-OpenSSL-v-1-1-0e-client-tp71061.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


More information about the openssl-users mailing list