On 26/06/2019 12:18, John Jiang wrote: > On Wed, Jun 26, 2019 at 2:59 PM Dr Paul Dale <paul.dale@xxxxxxxxxx > <mailto:paul.dale@xxxxxxxxxx>> wrote: > > Yes there is but it will require a reconfigure and a recompile. > > Could you please show me more details about it? > Which option(s) should be used for configuring and compiling? To compile in support for weak ciphersuites: $ ./config enable-weak-ssl-ciphers And then make/make test/make install as usual. Once support is compiled in the weak ciphersuites are still not enabled in the "DEFAULT" set of ciphersuites - you have to explicitly enable them at run time, e.g. $ openssl s_server -no_tls1_3 -cipher "RC4-MD5:@SECLEVEL=0" $ openssl s_client -no_tls1_3 -cipher "RC4-MD5:@SECLEVEL=0" Matt > > > > The big question is: "why?” > RC4 and MD5 are both considered broken. > > Don't worry, just for some testing. > > Thanks! > > > > Pauli > -- > Dr Paul Dale | Cryptographer | Network Security & Encryption > Phone +61 7 3031 7217 > Oracle Australia > > > >> On 26 Jun 2019, at 11:41 am, John Jiang <john.sha.jiang@xxxxxxxxx >> <mailto:john.sha.jiang@xxxxxxxxx>> wrote: >> >> Hi, >> I'm using s_server and s_client from OpenSSL 1.1.1. >> It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are disabled. >> Is there any way to re-enable these cipher suites? >> >> Thanks! >
