Re: Enabled weak cipher suites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 26/06/2019 12:18, John Jiang wrote:
> On Wed, Jun 26, 2019 at 2:59 PM Dr Paul Dale <paul.dale@xxxxxxxxxx
> <mailto:paul.dale@xxxxxxxxxx>> wrote:
> 
>     Yes there is but it will require a reconfigure and a recompile.
> 
> Could you please show me more details about it?
> Which option(s) should be used for configuring and compiling?

To compile in support for weak ciphersuites:

$ ./config enable-weak-ssl-ciphers

And then make/make test/make install as usual.

Once support is compiled in the weak ciphersuites are still not enabled in the
"DEFAULT" set of ciphersuites - you have to explicitly enable them at run time, e.g.

$ openssl s_server -no_tls1_3 -cipher "RC4-MD5:@SECLEVEL=0"

$ openssl s_client -no_tls1_3 -cipher "RC4-MD5:@SECLEVEL=0"

Matt

>  
> 
> 
>     The big question is: "why?”
>     RC4 and MD5 are both considered broken.
> 
> Don't worry, just for some testing.
> 
> Thanks!
> 
> 
> 
>     Pauli
>     -- 
>     Dr Paul Dale | Cryptographer | Network Security & Encryption 
>     Phone +61 7 3031 7217
>     Oracle Australia
> 
> 
> 
>>     On 26 Jun 2019, at 11:41 am, John Jiang <john.sha.jiang@xxxxxxxxx
>>     <mailto:john.sha.jiang@xxxxxxxxx>> wrote:
>>
>>     Hi,
>>     I'm using s_server and s_client from OpenSSL 1.1.1.
>>     It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are disabled.
>>     Is there any way to re-enable these cipher suites?
>>
>>     Thanks!
> 



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux