El día Friday, February 17, 2017 a las 09:57:39AM +0000, Matt Caswell escribió: > > > On 17/02/17 07:46, Matthias Apitz wrote: > > New, TLSv1/SSLv3, Cipher is DHE-DSS-AES128-GCM-SHA256 > > Your server appears to be configured with a DSA certificate. > > OpenSSL 1.1.0 made changes to the default ciphersuites that get sent. > See this CHANGES entry: > > *) Changes to the DEFAULT cipherlist: > - Prefer (EC)DHE handshakes over plain RSA. > - Prefer AEAD ciphers over legacy ciphers. > - Prefer ECDSA over RSA when both certificates are available. > - Prefer TLSv1.2 ciphers/PRF. > - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the > default cipherlist. > [Emilia Käsper] > > So OpenSSL 1.1.0 does not offer any DSS based ciphersuites by default > any more. If your server only has a DSA certificate then this is going > to fail. Thanks. I have aadded more ciphers using SSL_set_cipher_list(3) and all is fine now. matthias -- Matthias Apitz, ✉ guru@xxxxxxxxxxx, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
