Openssl TLSv1.3 ciphers failing during handshake

Matt Caswell matt at
Wed Jul 12 09:10:47 UTC 2023

On 12/07/2023 09:06, kgoudra--- via openssl-users wrote:
> 139821832050432:error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no 
> ciphers available:ssl/statem/statem_clnt.c:3802:No ciphers enabled for 
> max supported SSL/TLS version

This tells us that it thinks you have not configured any ciphers 
suitable for the highest TLS protocol version it thinks it can use.

> *const char *cipher_list = 
> "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";*
> *SSL_CTX_set_cipher_list(pCtx, "");*
> *SSL_CTX_set_ciphersuites(pCtx, cipher_list);*

This disables all ciphers for <= TLSv1.2 - which would be consistent 
with the above error message if it believes that the highest protocol 
version it supports is <= TLSv1.2.

What SSL_METHOD are you using in the client when you create the SSL_CTX? 
i.e. what parameter do you pass to `SSL_CTX_new()`?


More information about the openssl-users mailing list