Thank you Ben, but I am afraid it does not work unless I'm doing something wrong.
Here is a code snippet:int CSSL::createCTX(SSL_CTX **ppctx, int &extError)
{
X509_NAME *xn;
SSL *ssl;
X509 *pX509;
POSITION pos;
TCHAR name[256], *cert_file = NULL, *CAfile, certInfo[512] = _T("");
int len, err;
char *CApath = NULL, caFile[256];
extError = 0;
if(!(*ppctx = SSL_CTX_new(SSLv23_client_method()))) {
::ShowErrorMsg((DWORD)m_pConfig, 0, 0, SSL_ERROR_CAPTION, _T("Error creating ctx object - SSL_CTX_new() failed"));
extError = _SSL_CTX_NEW_FAILED;
return _SSL_ERROR;
}
SSL_CTX_set_options(*ppctx, 0);
SSL_CTX_set_security_level(*ppctx, 0); // for compatibility with weak ciphers
.
.
Gerrit van Niekerk
GP van Niekerk Ondernemings BK
Roosstraat 211, Meyerspark, 0184, South Africa
Tel: +27(12)8036501 Fax SA: 086 537 4131
Voip: 0105912084
Cell: +27(73)6891370
Email: [hidden email], [hidden email]
Web: http://www.gpvno.co.za
GP van Niekerk Ondernemings BK
Roosstraat 211, Meyerspark, 0184, South Africa
Tel: +27(12)8036501 Fax SA: 086 537 4131
Voip: 0105912084
Cell: +27(73)6891370
Email: [hidden email], [hidden email]
Web: http://www.gpvno.co.za
On Wed, Jun 7, 2017 at 6:16 PM, OpenSSL - User mailing list [via OpenSSL] <[hidden email]> wrote:
On 06/07/2017 11:13 AM, gerritvn wrote:
We are using OpenSSL in a terminal emulation product. We recently upgraded from OpenSSL v 1.0.2g to OpenSSL v 1.1.0e. Some servers we connect to do not support any of the strong ciphers which are compiled by default in OpenSSL v 1.1.0e and returns an alert with "handshake error". We recompiled with the option "enable-weak-ssl-ciphers", but that does not solve the problem. With OpenSSL v 1.0.2g one specific server selected the Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) which is shown as DES-CBC3-SHA by OpenSSL Listing ciphers with our OpenSSL 1.1.0e "enable-weak-ssl-ciphers" build with the command: openssl ciphers -v "ALL:@SECLEVEL=0" shows this entry: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 This cipher is, however, not offered in the Client Hello when our client opens the connection. What do we need to add to our program to get our client to offer the weak ciphers as well as the strong ones?
https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_ security_level.html
-Ben
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
If you reply to this email, your message will be added to the discussion below:http://openssl.6102.n7.nabble.com/Using-weak-ciphers-in- OpenSSL-v-1-1-0e-client- tp71061p71062.html
View this message in context: Re: Using weak ciphers in OpenSSL v 1.1.0e client
Sent from the OpenSSL - User mailing list archive at Nabble.com.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users