> On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashiquekvk@xxxxxxxxx> wrote: > > Does SSL connection supports AESCBC? Yes, but not under that name. > I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side or in "SSLCipherSuite" at apache server side. For example (constrained also to RSA and ECDHE to keep the list short): $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM' ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 There isn't a cipherlist property that specifically selects CBC, so to get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
