[openssl-users] Using weak ciphers in OpenSSL v 1.1.0e client
bkaduk at akamai.com
Wed Jun 7 16:15:57 UTC 2017
On 06/07/2017 11:13 AM, gerritvn wrote:
> We are using OpenSSL in a terminal emulation product.
> We recently upgraded from OpenSSL v 1.0.2g to OpenSSL v 1.1.0e.
> Some servers we connect to do not support any of the strong ciphers which
> are compiled by default in OpenSSL v 1.1.0e and returns an alert with
> "handshake error".
> We recompiled with the option "enable-weak-ssl-ciphers", but that does not
> solve the problem.
> With OpenSSL v 1.0.2g one specific server selected the Cipher Suite:
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) which is shown as DES-CBC3-SHA by
> Listing ciphers with our OpenSSL 1.1.0e "enable-weak-ssl-ciphers" build with
> the command:
> openssl ciphers -v "ALL:@SECLEVEL=0"
> shows this entry:
> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
> This cipher is, however, not offered in the Client Hello when our client
> opens the connection.
> What do we need to add to our program to get our client to offer the weak
> ciphers as well as the strong ones?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users