[openssl-users] How to use ADH with OpenSSL 1.1.0
per.frykenvall at cgi.com
Thu Apr 12 11:12:16 UTC 2018
I need to permit some anonymous Diffie-Hellman ciphers in OpenSSL. This worked fine until I installed 1.1.0h when I get "no shared cipher". I debugged and found the cause in ssl_security_default_callback, ssl_cert.c line 1028:
/* No unauthenticated ciphersuites */
if (c->algorithm_auth & SSL_aNULL)
So do I need to have my own callback, using SSL_CTX_set_security_callback? The manual page is not very informative and I'm not sure about how to implement the callback. I wouldn't like to duplicate all the other checks of the default callback.
Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick, but as far as I understand, it switches off some other cipher checks. What's the recommended way of allowing ADH?
More information about the openssl-users