how to enable DHE ciphers on openssl for using on command line

M K Saravanan mksarav at gmail.com
Wed Nov 17 13:19:30 UTC 2021


Thanks Matt.

I am extremely for making such a basic stupid mistake.

On Wed, 17 Nov 2021 at 18:33, Matt Caswell <matt at openssl.org> wrote:
>
>
>
> On 17/11/2021 08:25, M K Saravanan wrote:
> > Hi,
> >
> > Do I need to do any config to enable DHE based ciphers in openssl for
> > command line usage?
> >
> > $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect
> > 10.10.16.100:443
>
> You have the wrong name for this ciphersuite. OpenSSL uses its own
> naming scheme. The mapping between the names you will see in the
> specification and OpenSSL names are on this page:
>
> https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
>
> The OpenSSL name for this particular ciphersuite is
> "DHE-RSA-AES128-GCM-SHA256"
>
> Matt
>
>
>
> > Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256"
> > 139775998456896:error:140E6118:SSL
> > routines:ssl_cipher_process_rulestr:invalid
> > command:ssl/ssl_ciph.c:1028:
> >
> > mksarav at ubuntu1804:~$ openssl version
> > OpenSSL 1.1.1d  10 Sep 2019
> >
> > Non DHE ciphers are working fine with the above command option.  Are
> > they purposely removed for security reasons? I need to use DHE ciphers
> > for some testing purpose. Is there anyway can I use it?
> >
> >
> > with regards,
> > Saravanan
> >


More information about the openssl-users mailing list