Thanks Jakob. Thanks a lot.
On Wed, Nov 21, 2018 at 10:58 PM Jakob Bohm via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
I think you missed the following:
Because CBC is the oldest block cipher mode in SSL and
TLS, the cipher suites using CBC don't include the
letters "CBC" in their names.They simply don't mention
a different mode (such as GCM or CCM).
For example ECDHE-RSA-AES128-SHA uses AES128 in CBC mode.
On 20/11/2018 10:54, ASHIQUE CK wrote:
> Hi,
> Any replys ?
>
> On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <ckashiquekvk@xxxxxxxxx
> <mailto:ckashiquekvk@xxxxxxxxx>> wrote:
>
> Also I use OpenSSL 1.1.0h.
>
> On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK
> <ckashiquekvk@xxxxxxxxx <mailto:ckashiquekvk@xxxxxxxxx>> wrote:
>
> No, We use Ubuntu 16.04 OS
>
> On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky
> <beldmit@xxxxxxxxx <mailto:beldmit@xxxxxxxxx>> wrote:
>
> Do you use any RedHat-based OS?
>
> On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK
> <ckashiquekvk@xxxxxxxxx <mailto:ckashiquekvk@xxxxxxxxx>>
> wrote:
>
> Is it the problem with that strings or TLS/SSL
> version or any other ?
>
> On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK
> <ckashiquekvk@xxxxxxxxx
> <mailto:ckashiquekvk@xxxxxxxxx>> wrote:
>
> Hi,
> I had given all the cipher strings
> for "SSL_CTX_set_cipher_list" which we get under
> the command 'openssl ciphers' that includes CBC,
> but any of them didnot worked. All of them showed
> the error "error:141640B5:SSL
> routines:tls_construct_client_hello:no ciphers
> available". I have used TLSv1_2 or SSLv23.
> Also I have tried setting these strings for
> "SSLCipherSuite" at apache server configuration.
> But it makes no change for choosing the server
> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384".
>
> Thanks
>
> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni
> <openssl-users@xxxxxxxxxxxx
> <mailto:openssl-users@xxxxxxxxxxxx>> wrote:
>
>
>
> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK
> <ckashiquekvk@xxxxxxxxx
> <mailto:ckashiquekvk@xxxxxxxxx>> wrote:
> >
> > Does SSL connection supports AESCBC?
>
> Yes, but not under that name.
>
> > I could not set AESCBC in
> "SSL_CTX_set_cipher_list" at client side or in
> "SSLCipherSuite" at apache server side.
>
> For example (constrained also to RSA and ECDHE
> to keep the list short):
>
> $ openssl ciphers -v
> 'AES128+aRSA+kECDHE:!AESGCM'
> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH
> Au=RSA Enc=AES(128) Mac=SHA256
> ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA
> Enc=AES(128) Mac=SHA1
>
> There isn't a cipherlist property that
> specifically selects CBC, so to
> get *only* CBC, you need to exclude AESGCM
> (and perhaps also AESCCM).
>
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
