Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Michael Wojcik Michael.Wojcik at microfocus.com
Wed Mar 11 13:02:18 UTC 2020


To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).

https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html

________________________________

Testing server preferences
 Has server cipher order?     no (NOT ok)
  ...
No further cipher order check has been done as order is determined by the client

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200311/e4d4c80d/attachment.html>


More information about the openssl-users mailing list