On 07/27/2017 02:49 PM, Todd Blum wrote:
SSLv2 Record Layer: Client Hello
SSLv2-compatible ClientHello is pretty old and probably unneeded
[Version: SSL 2.0 (0x0002)]
Length: 46
Handshake Message Type: Client Hello (1)
Version: SSL 3.0 (0x0300)
Cipher Spec Length: 21
Session ID Length: 0
Challenge Length: 16
Cipher Specs (7 specs)
Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA
(0x00000a)
Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(0x000013)
Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5
(0x0700c0)
Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
(0x0000ff)
Challenge
All of those are pretty bad ciphers; can you update the client to
use better ones?
Otherwise you might have to do something like include @SECLEVEL=0 in
the cipher spec on the server to enable the weak ciphers.
-Ben
|
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
