NULL ciphers
Detlef Vollmann
dv at vollmann.ch
Thu Aug 13 18:19:10 UTC 2020
Hello,

with the following commands:

    openssl s_server -accept 18010 -cert srv.crt -key test.key \
        -CAfile testca.crt -debug -cipher 'NULL-SHA256' -dtls1_2

    openssl s_client -connect localhost:18010 -cert clnt.crt \
        -key test.key -CAfile testca.crt -debug \
        -cipher 'COMPLEMENTOFALL:eNULL' -dtls1_2

NULL ciphers work fine with OpenSSL 1.0.2g.

With OpenSSL 1.1.1g the handshake fails on the server side with

    140295725053248:error:14102438:SSL routines:dtls1_read_bytes:tlsv1 \
    alert internal error:../ssl/record/rec_layer_d1.c:611:SSL alert number \
    80

Even on OpenSSL 1.1.1g 'openssl ciphers -v NULL' lists NULL-SHA256.

I'm only using s_server and s_client as tests, but I have the same
problem in my application if I use

    SSL_CTX_set_cipher_list(sslCtx, "NULL-SHA256");

What can I do to get NULL ciphers for no encryption working?

Detlef
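
Added example, not part of the original post: a decoder for the error-queue line quoted in the message, showing that its reason field (0x438) is SSL_AD_REASON_OFFSET (1000) plus alert description 80, which is how the OpenSSL 1.1.1 record layer reports a fatal alert it has read from the peer. It assumes the OpenSSL 1.0.x/1.1.x error-code packing; the names decode_openssl_error, ERR_LINE, POSTED and ALERTS are illustrative.

```python
import re

# Error-code packing in OpenSSL 1.0.x/1.1.x (ERR_PACK): lib<<24 | func<<12 | reason.
# OpenSSL 3.x packs these fields differently, so this decoder does not apply there.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # ssl.h: SSL_R_* alert reason = offset + alert description

# A few TLS alert descriptions (RFC 5246, section 7.2); not a complete table.
ALERTS = {40: "handshake_failure", 47: "illegal_parameter",
          70: "protocol_version", 71: "insufficient_security",
          80: "internal_error"}

ERR_LINE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>.*):(?P<line>\d+):(?P<data>.*)$")

# The error exactly as posted, including the poster's backslash line wraps.
POSTED = r"""140295725053248:error:14102438:SSL routines:dtls1_read_bytes:tlsv1 \
alert internal error:../ssl/record/rec_layer_d1.c:611:SSL alert number \
80"""


def decode_openssl_error(text):
    """Decode one error-queue line; returns None if it does not match."""
    # Undo backslash-newline wrapping before matching.
    line = re.sub(r"\s*\\\s*\n\s*", " ", text).strip()
    m = ERR_LINE.match(line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"lib": lib, "func": func, "reason": reason,
           "func_name": m.group("func"), "reason_text": m.group("reason"),
           "source": f'{m.group("file")}:{m.group("line")}', "alert": None}
    # SSL-library reasons at or above the offset encode a TLS alert description.
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        descr = reason - SSL_AD_REASON_OFFSET
        out["alert"] = (descr, ALERTS.get(descr, "unknown"))
    return out


if __name__ == "__main__":
    for key, value in decode_openssl_error(POSTED).items():
        print(f"{key:12} {value}")
```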