On 31/05/17 21:22, Siyuan Xiang wrote: > Hi all, > > I have a legacy server only accept TLS_RSA_WITH_RC4_128_MD5 cipher. > > I have a client using openssl 1.1.0e. It doesn't include > TLS_RSA_WITH_RC4_128_MD5. > I have recompiled the openssl using enable-weak-ssl-ciphers, but it > doesn't work > but TLS_RSA_WITH_RC4_128_SHA is in client hello message. > > It looks like all MD5 related ciphers are removed. I tried to > use SSL_CTX_set_security_level to > set level to 0. but it doesn't work. > > Do you have any idea how to enable TLS_RSA_WITH_RC4_128_MD5? How have you configured your ciphersuite list? I can get this to work in 1.1.0 using s_server and s_client. Having built with "enable-weak-ssl-ciphers" I start up s_server like this: $ openssl s_server -cipher "RC4-MD5:@SECLEVEL=0" And then run s_client like this: $ openssl s_client -cipher "RC4-MD5:@SECLEVEL=0" The connection is successful and uses the RC4-MD5 ciphersuite (aka TLS_RSA_WITH_RC4_128_MD5). Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
