On 29/03/18 00:14, Eric Jacksch wrote: > Greetings, > > I'm using OpenSSL for testing and recently compiled 1.1.0g and h. I'm > seeing the same behaviour in both. > > openssl ciphers -v list the NULL ciphers, but when I try to use NULL or > NULL-MD5 I get the same result: No ciphers available. > > I've tried several compile options to no avail. > > Can anyone point me in the right direction? > > Thanks! > > > ./openssl s_client -connect x.x.x.x:443 -cipher NULL Change you cipher list to be `-cipher NULL:@SECLEVEL=0`. If your server is also running OpenSSL then you'll need to enable it there as well. The default security level is 1, which disables NULL ciphers amongst various other things. Matt > > CONNECTED(00000003) > > 140735917126464:error:141640B5:SSL > routines:tls_construct_client_hello:no ciphers > available:ssl/statem/statem_clnt.c:800: > > --- > > no peer certificate available > > --- > > No client certificate CA names sent > > --- > > SSL handshake has read 0 bytes and written 0 bytes > > Verification: OK > > --- > > New, (NONE), Cipher is (NONE) > > Secure Renegotiation IS NOT supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > SSL-Session: > > Protocol : TLSv1.2 > > Cipher : 0000 > > Session-ID: > > Session-ID-ctx: > > Master-Key: > > PSK identity: None > > PSK identity hint: None > > SRP username: None > > Start Time: 1522278574 > > Timeout : 7200 (sec) > > Verify return code: 0 (ok) > > Extended master secret: no > > --- > > -- > Eric Jacksch, CPP, CISM, CISSP > +1 613 482-7650 > eric@xxxxxxxxxxx <mailto:eric@xxxxxxxxxxx> > Twitter: @EricJacksch > https://SecurityShelf.com <https://securityshelf.com/> > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
