[openssl-users] how to control the cipher list of an openssl server

Chris Bare chris.bare at gmail.com
Mon Mar 12 22:53:42 UTC 2018

I have a fairly basic server set up based on various examples I've seen.

I run an nmap script I found against it and see only 16 ciphers listed,
none of which are supported by modern web browsers.
Yet when I run "openssl ciphers I get a list of 97.

I realize some of these are old and deprecated etc, but where does the
default list come from?

I tried this code to set it to use one of the more modern ciphers shown in
the the openssl ciphers output:

char *ssl_cipher = "ECDHE-ECDSA-AES128-GCM-SHA256";
if(!SSL_CTX_set_cipher_list(jav->ctx, ssl_cipher))
         return (false);

but after that the nmap script doesn't find any ciphers.

Any suggestions?

Chris Bare
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180312/afd61a11/attachment.html>

More information about the openssl-users mailing list