On Fri, Mar 06, 2015, Christian Georg wrote:
>
> Any recommendations on how I can solve my issues without changing the openssl code and add this manually?
>
I'm not sure OpenSSL can do exactly what you want: 1.0.2 has an option to
return the raw ciphersuite list sent by the client. The s_server utility
will print this out if you set the -brief option. Ciphersuites OpenSSL
doesn't recognise are then printed out in hex form.
For example a recent version of Chrome shows:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:0xCC14:0xCC13:0xCC15:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:SCSV
The three hex values correspond to:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x13}
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x15}
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
