Viktor and Kurt, Thanks for the help! Now it's working. Qi -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Kurt Roeckx Sent: Wednesday, August 22, 2018 2:12 PM To: openssl-users@xxxxxxxxxxx Subject: Re: using NULL ciphers On Wed, Aug 22, 2018 at 02:08:42PM -0400, Viktor Dukhovni wrote: > > > > On Aug 22, 2018, at 1:56 PM, Qi Zeng <qzeng@xxxxxxxx> wrote: > > > > I’m trying to use NULL cipher such as ECDHE-ECDSA-NULL-SHA for debugging purpose. With OpenSSL version 1.0.2p, I was able to make it work. However with version 1.1.0i or 1.1.1 prev 9, SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-NULL-SHA") succeeded but SSL_Connect () failed. Is there any way to enable NULL ciphers with version 1.1.0i or later? > > Yes, you need to use: > > "ECDHE-ECDSA-NULL-SHA:@SECLEVEL=0" > > at present there are no separate controls to distinguish between the > authentication security level and the encryption security level, so > this also removes floors on the keys used in the certificates, but > for debugging that should not be an obstacle... With 1.1.1 pre 9 you also might try to be using TLS 1.3, and that does not support a NULL cipher. Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
