[openssl-users] SSL_CTX_set_cipher_list returns failure for DHE-DSS-AES256-GCM-SHA384

Benjamin Kaduk bkaduk at akamai.com
Wed Sep 6 12:47:22 UTC 2017


On 09/06/2017 12:02 AM, mahesh gs wrote:
> Hi All,
>
> I am using openssl version 01.01.00f for providing TLS and DTLS
> security for TCP and SCTP connections for our application. I have a query
> regarding the "Ciphers" that are accepted by the
> SSL_CTX_set_cipher_list API. The list of ciphers that are supported by
> openssl version 01.01.00f, that is, the output of the command "openssl ciphers
> -v", is as listed down below. When I try to set these ciphers through the
> API, "SSL_CTX_set_cipher_list" returns success for some and failure for
> some other ciphers.
>
> For example, if I set "ECDHE-RSA-AES256-GCM-SHA384" the API returns success,
> but if I set "DHE-DSS-AES256-GCM-SHA384" or "RC4-MD5" the API returns
> failure. My query is: what are the accepted ciphers, and what is the
> reason behind not accepting some of them?
>

OpenSSL 1.1.0 added a concept of "security level" for ciphers; see
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level
for which levels correspond to bits of security, prohibited message
digests, etc.

-Ben