[openssl-users] AESCBC support in SSL

ASHIQUE CK ckashiquekvk at gmail.com
Tue Nov 20 09:54:44 UTC 2018 

Hi,
Any replys ?

On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <ckashiquekvk at gmail.com> wrote:

> Also I use OpenSSL 1.1.0h.
>
> On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK <ckashiquekvk at gmail.com>
> wrote:
>
>> No, We use Ubuntu 16.04 OS
>>
>> On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky <beldmit at gmail.com>
>> wrote:
>>
>>> Do you use any RedHat-based OS?
>>>
>>> On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK <ckashiquekvk at gmail.com>
>>> wrote:
>>>
>>>> Is it the problem with that strings or  TLS/SSL version or any other ?
>>>>
>>>> On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <ckashiquekvk at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> I had given all the cipher strings for  "SSL_CTX_set_cipher_list"
>>>>> which we get under the command 'openssl ciphers' that includes CBC, but any
>>>>> of them didnot worked. All of them showed the error "error:141640B5:SSL
>>>>> routines:tls_construct_client_hello:no ciphers available". I have used
>>>>> TLSv1_2 or SSLv23.
>>>>> Also I have tried setting  these strings for "SSLCipherSuite" at
>>>>> apache server configuration. But it makes no change for choosing the server
>>>>> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384".
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni <
>>>>> openssl-users at dukhovni.org> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashiquekvk at gmail.com>
>>>>>> wrote:
>>>>>> >
>>>>>> > Does SSL connection supports AESCBC?
>>>>>>
>>>>>> Yes, but not under that name.
>>>>>>
>>>>>> >  I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side
>>>>>> or in "SSLCipherSuite" at apache server side.
>>>>>>
>>>>>> For example (constrained also to RSA and ECDHE to keep the list
>>>>>> short):
>>>>>>
>>>>>>   $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM'
>>>>>>   ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128)
>>>>>> Mac=SHA256
>>>>>>   ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
>>>>>>
>>>>>> There isn't a cipherlist property that specifically selects CBC, so to
>>>>>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM).
>>>>>>
>>>>>> --
>>>>>>         Viktor.
>>>>>>
>>>>>> --
>>>>>> openssl-users mailing list
>>>>>> To unsubscribe:
>>>>>> https://mta.openssl.org/mailman/listinfo/openssl-users
>>>>>>
>>>>> --
>>>> openssl-users mailing list
>>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>>>
>>>
>>>
>>> --
>>> SY, Dmitry Belyavsky
>>> --
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181120/03aac2ef/attachment-0001.html>

More information about the openssl-users mailing list