how to enable DHE ciphers on openssl for using on command line
Matt Caswell
matt at openssl.org
Wed Nov 17 10:33:24 UTC 2021
On 17/11/2021 08:25, M K Saravanan wrote:
> Hi,
>
> Do I need to do any config to enable DHE based ciphers in openssl for
> command line usage?
>
> $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect
> 10.10.16.100:443
You have the wrong name for this ciphersuite. OpenSSL uses its own
naming scheme. The mapping between the names you will see in the
specification and OpenSSL names are on this page:
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
The OpenSSL name for this particular ciphersuite is
"DHE-RSA-AES128-GCM-SHA256"
Matt
> Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256"
> 139775998456896:error:140E6118:SSL
> routines:ssl_cipher_process_rulestr:invalid
> command:ssl/ssl_ciph.c:1028:
>
> mksarav at ubuntu1804:~$ openssl version
> OpenSSL 1.1.1d 10 Sep 2019
>
> Non DHE ciphers are working fine with the above command option. Are
> they purposely removed for security reasons? I need to use DHE ciphers
> for some testing purpose. Is there anyway can I use it?
>
>
> with regards,
> Saravanan
>
More information about the openssl-users
mailing list