> From: openssl-users On Behalf Of Aaron > Sent: Wednesday, June 10, 2015 03:47 > We are using executable 'apps/openssl' in our test cases. We upgraded from > OpenSSL 1.0.1l to OpenSSL 1.0.2a recently. Since then one of our test cases > started to fail. After checking, I noticed that the default cipher of > 'openssl' was changed from ECDHE-RSA-AES256-SHA to DHE-RSA-AES256-SHA 'openssl' doesn't have "a" default cipher; it implements over 40 subcommands which use different kinds of ciphers with different defaults or none. You appear to be talking about the 's_client' or 's_server' subcommand, which use the library's SSL/TLS default cipherLIST, which contains about 100 ciphersuites in preference order. The only differences in this list between 1.0.1l and 1.0.2a are that 1.0.2a (also 1.0.1m and 1.0.0r) removes the long-obsolete EXPORT suites (finally, perhaps due to the FREAK and Logjam attacks exploiting them) and adds newly-implemented static-DH suites, which are ignored unless your server has a certificate for a DH key, which in practice nobody does, so they don't affect you (other than further bloating the ClientHello message). Both 1.0.1 and 1.0.2 have ECDHE-RSA-AES256-SHA ordered before DHE-RSA-AES256-SHA, so s_client talking to a server that honors client preference should still get the same result, and s_server listening to a client that has the same preference should still get the same result. Whatever changed in your test this wasn't it. > OpenSSL 1.0.2. The related description in OpenSSL 1.0.2 change log is as > follows. <snip> > My question is how to enable automatic EC temporary key parameter > selection? Commandline doesn't use that feature (yet?), only updated app code using the library. Both 1.0.1 and 1.0.2 default to a fixed curve, P256, and allow you to specify any (fixed) named curve, see -named_curve. > Is it possible to change the default cipher back to ECDHE-RSA-AES256-SHA? There's no change to be changed back. All the above assumes that when you identify versions of OpenSSL you mean executables compiled from those version source releases without modification. If either or both of your executables was built with any source changes or any configuration options that alter the release behavior, all bets are off; you'll have to look at your specific builds. E.g. RedHat builds used to nobble all ECC (but that was fixed by 1.0.2a). If you ARE using release versions, try getting traces (either externally with something like wireshark or tcpdump, or internally with -msg and/or -debug in either s_client or s_server) to see if anything is materially different on the wire (and what).
