Re: AESCBC support in SSL

Hi,
Any replies?

On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <ckashiquekvk@xxxxxxxxx> wrote:
Also I use OpenSSL 1.1.0h.

On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK <ckashiquekvk@xxxxxxxxx> wrote:
No, we use Ubuntu 16.04 OS.

On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky <beldmit@xxxxxxxxx> wrote:
Do you use any RedHat-based OS?

On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK <ckashiquekvk@xxxxxxxxx> wrote:
Is the problem with those strings, or the TLS/SSL version, or something else?

On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <ckashiquekvk@xxxxxxxxx> wrote:
Hi,
I had given all the cipher strings for "SSL_CTX_set_cipher_list" which we get under the command 'openssl ciphers' that include CBC, but none of them worked. All of them showed the error "error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available". I have used TLSv1_2 or SSLv23.
Also I have tried setting these strings for "SSLCipherSuite" in the Apache server configuration. But it makes no change to the server choosing its default ciphersuite "ECDHE-RSA-AES256-GCM-SHA384".

Thanks

On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:


> On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashiquekvk@xxxxxxxxx> wrote:
>
> Does an SSL connection support AESCBC?

Yes, but not under that name.

>  I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side or in "SSLCipherSuite" at apache server side.

For example (constrained also to RSA and ECDHE to keep the list short):

  $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM'
  ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
  ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1

There isn't a cipherlist property that specifically selects CBC, so to
get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM).

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
SY, Dmitry Belyavsky
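
Following Viktor's point that no cipherlist keyword selects CBC, one way to confirm that a cipher string expands to AES-CBC suites only is to filter the `openssl ciphers -v` listing on its Enc= and Mac= fields. This is an added example, not part of the original thread; the function names are hypothetical and the sample listings are constructed in the format shown above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `openssl ciphers -v` output on stdin and print the name of every suite
# that is not AES-CBC. Returns 1 if any such suite was found, 0 otherwise.
# In this listing AES-CBC appears as Enc=AES(bits); AEAD suites appear as
# Enc=AESGCM(..), Enc=AESCCM(..) or Enc=CHACHA20/POLY1305(..) with Mac=AEAD.
non_cbc_suites() {
    awk '
        NF == 0 { next }
        {
            enc = ""; mac = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Enc=/) enc = substr($i, 5)
                if ($i ~ /^Mac=/) mac = substr($i, 5)
            }
            if (enc !~ /^AES\([0-9]+\)$/ || mac == "AEAD") {
                print $1
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Expand a cipher string with the local openssl binary and check the result.
# Returns 2 if openssl rejects the string or nothing matches it.
check_cipher_string() {
    listing=$(openssl ciphers -v "$1") || return 2
    printf '%s\n' "$listing" | non_cbc_suites
}

# Constructed sample listings (same column layout as `openssl ciphers -v`).
SAMPLE_CBC_ONLY='ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1'
SAMPLE_MIXED='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1'
```

Run `check_cipher_string 'AES128+aRSA+kECDHE:!AESGCM'` against the OpenSSL build in use. With OpenSSL 1.1.1 or later the listing may also contain TLS 1.3 suites, which are AEAD-only and are not controlled by this cipher string, so they will be reported.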
