The default cipher of executable 'openssl'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 11, 2015 at 11:19:17PM -0700, Aaron wrote:

> Right, I am talking about s_server subcommand. You mentioned that there is
> no change in this area. However I can easily show something is change using
> s_server subcommand. I am using original OpenSSL code to build my 'openssl',
> to this change is not from me.
> 
> 1) 1.0.1l 
> ./apps/openssl s_server -ssl3 -cert certdb/ssl_server.pem -WWW -CAfile
> certdb/cafile.pem 
> Using default temp DH parameters 
> Using default temp ECDH parameters 
> ACCEPT 

With SSL 3.0, no extension support, thus no supported curves
extension, thus ideally no EDCHE support.  If ECDHE happened anyway
with earlier releases, that was a bug that is perhaps now fixed.

> 2) 1.0.2 
> ./apps/openssl s_server -ssl3 -cert certdb/ssl_server.pem -WWW -CAfile
> certdb/cafile.pem 
> Using default temp DH parameters 
> ACCEPT 
> 
> Note that, in 1.0.2, openssl doesn't print out 'Using default temp ECDH
> parameters'. 

To get ECDHE support, use TLSv1.0 or later.

-- 
	Viktor.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux