Hi,

Here is the list of ciphers compiled in openssl-1.1.1c:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

None support CBC.
How do I compile openssl with CBC support?

Best regards,
Ranier Vilela

________________________________________
From: Ranier VF
Sent: Monday, August 19, 2019 17:30
To: openssl-users@xxxxxxxxxxx
Subject: Server(TomCat) disconnect client(ECDHE-RSA-AES128-SHA) openssl-1.1.1c

Hi,

I have trouble using openssl-1.1.1c when it connects to homologacao.sefaz.mt.gov.br:

Server cipher suites:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

The client is set up with:
SSL_set_cipher_list(tls, "ALL")

The server disconnects the connection.

1. Why is the session cipher selected by the client ECDHE-RSA-AES128-SHA?
2. How do I configure the client to use the server's ciphers?

Logs:
DTLS: no protocol: TLSv1.3 cipher name: (NONE)
DTLS: no protocol: TLSv1.3 cipher name: (NONE)
SSL_connect:before SSL initialization
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS write client hello
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS write client hello
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server hello
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server certificate
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server key exchange
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server done
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS write client key exchange
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write change cipher spec
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write finished
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write finished
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS read change cipher spec
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS read finished
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSL negotiation finished successfully
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSL negotiation finished successfully
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS read hello request
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write client hello
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write client hello
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server hello
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server certificate
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server key exchange
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server certificate request
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS read server done
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS write client certificate
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS write client key exchange
DTLS: no protocol: TLSv1.2 cipher name: (NONE)
SSL_connect:SSLv3/TLS write certificate verify
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write change cipher spec
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS write finished
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL3 alert read:fatal:handshake failure
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:error in error
SSL_read failed:: WSAError: 0 SSL State: SSLERR
SSL Error: -1 1 error:00000001:lib(0):func(0):reason(1)
SSL Error: -1 336151568 error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:SSLv3/TLS read server key exchange
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
SSL_connect:SSLv3/TLS write finished
SSL_connect:SSLv3/TLS read change cipher spec
DTLS: no protocol: TLSv1.2 cipher name: ECDHE-RSA-AES128-SHA
SSL_connect:SSLv3/TLS read finished
SSL_read failed:: WSAError: 10054 SSL State: SSLOK
SSL Error: -1 5 error:00000005:lib(0):func(0):DH lib
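
Added example, not part of the original message: it translates the OpenSSL cipher names from the client list above into IANA names and intersects them with the server list quoted in the message. In OpenSSL's naming, an AES suite with no GCM or CCM tag is a CBC suite. The function names and the regex are this example's own, and it covers only the AES and ChaCha20 names that appear in that list.

```python
import re

# Client list: the cipher string quoted at the top of the message.
CLIENT = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:"
    "AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA"
).split(":")

# Server list: the IANA names from the quoted message.
SERVER = {
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}

# [key exchange-auth-]AES<bits>[-GCM]-<mac>  or  [key exchange-auth-]CHACHA20-POLY1305
_NAME = re.compile(
    r"^(?:(?P<kx>ECDHE-ECDSA|ECDHE-RSA|DHE-RSA)-)?"
    r"(?:AES(?P<bits>128|256)(?P<gcm>-GCM)?-(?P<mac>SHA(?:256|384)?)|CHACHA20-POLY1305)$"
)

def to_iana(name):
    """Translate an OpenSSL TLS 1.2 AES/ChaCha20 suite name to its IANA name."""
    m = _NAME.match(name)
    if m is None:
        raise ValueError(f"name outside the family handled here: {name}")
    kx = (m["kx"] or "RSA").replace("-", "_")  # no prefix means RSA key transport
    if m["bits"] is None:
        return f"TLS_{kx}_WITH_CHACHA20_POLY1305_SHA256"
    mode = "GCM" if m["gcm"] else "CBC"        # untagged AES is CBC
    return f"TLS_{kx}_WITH_AES_{m['bits']}_{mode}_{m['mac']}"

def cbc_suites():
    """Client suites whose IANA name shows CBC mode."""
    return [n for n in CLIENT if "_CBC_" in to_iana(n)]

def shared_suites():
    """Client suites the server also lists, in client preference order."""
    return [n for n in CLIENT if to_iana(n) in SERVER]

if __name__ == "__main__":
    for n in shared_suites():
        print(f"{n:28} {to_iana(n)}")
```
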