[openssl-users] Unable to select NULL or NULL-MD5
Matt Caswell
matt at openssl.org
Wed Mar 28 23:24:50 UTC 2018
On 29/03/18 00:14, Eric Jacksch wrote:
> Greetings,
>
> I'm using OpenSSL for testing and recently compiled 1.1.0g and h. I'm
> seeing the same behaviour in both.
>
> openssl ciphers -v list the NULL ciphers, but when I try to use NULL or
> NULL-MD5 I get the same result: No ciphers available.
>
> I've tried several compile options to no avail.
>
> Can anyone point me in the right direction?
>
> Thanks!
>
>
> ./openssl s_client -connect x.x.x.x:443 -cipher NULL
Change you cipher list to be `-cipher NULL:@SECLEVEL=0`. If your server
is also running OpenSSL then you'll need to enable it there as well.
The default security level is 1, which disables NULL ciphers amongst
various other things.
Matt
>
> CONNECTED(00000003)
>
> 140735917126464:error:141640B5:SSL
> routines:tls_construct_client_hello:no ciphers
> available:ssl/statem/statem_clnt.c:800:
>
> ---
>
> no peer certificate available
>
> ---
>
> No client certificate CA names sent
>
> ---
>
> SSL handshake has read 0 bytes and written 0 bytes
>
> Verification: OK
>
> ---
>
> New, (NONE), Cipher is (NONE)
>
> Secure Renegotiation IS NOT supported
>
> Compression: NONE
>
> Expansion: NONE
>
> No ALPN negotiated
>
> SSL-Session:
>
> Protocol : TLSv1.2
>
> Cipher : 0000
>
> Session-ID:
>
> Session-ID-ctx:
>
> Master-Key:
>
> PSK identity: None
>
> PSK identity hint: None
>
> SRP username: None
>
> Start Time: 1522278574
>
> Timeout : 7200 (sec)
>
> Verify return code: 0 (ok)
>
> Extended master secret: no
>
> ---
>
> --
> Eric Jacksch, CPP, CISM, CISSP
> +1 613 482-7650
> eric at jacksch.com <mailto:eric at jacksch.com>
> Twitter: @EricJacksch
> https://SecurityShelf.com <https://securityshelf.com/>
>
>
More information about the openssl-users
mailing list