[openssl-users] AESCBC support in SSL

ASHIQUE CK ckashiquekvk at gmail.com
Thu Nov 22 05:46:13 UTC 2018


Thanks Jakob. Thanks a lot.

On Wed, Nov 21, 2018 at 10:58 PM Jakob Bohm via openssl-users <
openssl-users at openssl.org> wrote:

> I think you missed the following:
>
> Because CBC is the oldest block cipher mode in SSL and
> TLS, the cipher suites using CBC don't include the
> letters "CBC" in their names. They simply don't mention
> a different mode (such as GCM or CCM).
>
> For example ECDHE-RSA-AES128-SHA uses AES128 in CBC mode.
>
> On 20/11/2018 10:54, ASHIQUE CK wrote:
> > Hi,
> > Any replies?
> >
> > On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <ckashiquekvk at gmail.com
> > <mailto:ckashiquekvk at gmail.com>> wrote:
> >
> >     Also I use OpenSSL 1.1.0h.
> >
> >     On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK
> >     <ckashiquekvk at gmail.com <mailto:ckashiquekvk at gmail.com>> wrote:
> >
> >         No, We use Ubuntu 16.04 OS
> >
> >         On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky
> >         <beldmit at gmail.com <mailto:beldmit at gmail.com>> wrote:
> >
> >             Do you use any RedHat-based OS?
> >
> >             On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK
> >             <ckashiquekvk at gmail.com <mailto:ckashiquekvk at gmail.com>>
> >             wrote:
> >
> >                 Is the problem with those strings, the TLS/SSL
> >                 version, or something else?
> >
> >                 On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK
> >                 <ckashiquekvk at gmail.com
> >                 <mailto:ckashiquekvk at gmail.com>> wrote:
> >
> >                     Hi,
> >                     I had given all the cipher strings
> >                     for "SSL_CTX_set_cipher_list" which we get under
> >                     the command 'openssl ciphers' that include CBC,
> >                     but none of them worked. All of them showed
> >                     the error "error:141640B5:SSL
> >                     routines:tls_construct_client_hello:no ciphers
> >                     available". I have used TLSv1_2 or SSLv23.
> >                     Also I have tried setting these strings for
> >                     "SSLCipherSuite" in the Apache server configuration.
> >                     But it makes no change to the server choosing the
> >                     default ciphersuite "ECDHE-RSA-AES256-GCM-SHA384".
> >
> >                     Thanks
> >
> >                     On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni
> >                     <openssl-users at dukhovni.org
> >                     <mailto:openssl-users at dukhovni.org>> wrote:
> >
> >
> >
> >                         > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK
> >                         <ckashiquekvk at gmail.com
> >                         <mailto:ckashiquekvk at gmail.com>> wrote:
> >                         >
> >                         > Does an SSL connection support AESCBC?
> >
> >                         Yes, but not under that name.
> >
> >                         >  I could not set AESCBC in
> >                         "SSL_CTX_set_cipher_list" at client side or in
> >                         "SSLCipherSuite" at apache server side.
> >
> >                         For example (constrained also to RSA and ECDHE
> >                         to keep the list short):
> >
> >                           $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM'
> >                           ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
> >                           ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
> >
> >                         There isn't a cipherlist property that
> >                         specifically selects CBC, so to
> >                         get *only* CBC, you need to exclude AESGCM
> >                         (and perhaps also AESCCM).
> >
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
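
The naming point made in this thread, as an added example that is not part of the original messages: a small parser for `openssl ciphers -v` output that derives the cipher mode from the `Enc=` and `Mac=` columns rather than from the suite name. The two CBC lines in `SAMPLE` are the ones quoted in the thread; the GCM and CHACHA20 lines are constructed in the same output format, and the function names are hypothetical.

```python
# Constructed sample of `openssl ciphers -v` output (last two lines are from the thread).
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
"""


def classify(line):
    """Return (suite_name, enc_algorithm, mode) for one `openssl ciphers -v` line."""
    fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    alg = attrs.get("Enc", "").split("(")[0]       # "AES(128)" -> "AES"
    if attrs.get("Mac") == "AEAD":                 # GCM, CCM, CHACHA20/POLY1305
        mode = "AEAD"
    elif alg in ("RC4", "None"):                   # stream cipher or NULL encryption
        mode = "stream/null"
    else:                                          # assumption: any other block cipher
        mode = "CBC"                               # with a separate MAC runs in CBC mode
    return fields[0], alg, mode


def suites_by_mode(text):
    """Group suite names by the mode derived from the Enc=/Mac= columns."""
    groups = {}
    for line in text.splitlines():
        if line.strip():
            name, _alg, mode = classify(line)
            groups.setdefault(mode, []).append(name)
    return groups


def aes_cbc_suites(text):
    """Names of the suites that use AES in CBC mode."""
    found = []
    for line in text.splitlines():
        if line.strip():
            name, alg, mode = classify(line)
            if alg == "AES" and mode == "CBC":
                found.append(name)
    return found


if __name__ == "__main__":
    for mode, names in suites_by_mode(SAMPLE).items():
        print(mode, names)
    print("AES-CBC:", aes_cbc_suites(SAMPLE))
```

To audit a real cipher string, feed the output of `openssl ciphers -v '<string>'` to `suites_by_mode` in place of `SAMPLE`.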