Re: NULL ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 13, 2020 at 08:19:10PM +0200, Detlef Vollmann wrote:
> Hello,
> 
> with the following commands:
> 
> openssl s_server -accept 18010 -cert srv.crt -key test.key \
> -CAfile testca.crt -debug -cipher 'NULL-SHA256' -dtls1_2
> 
> openssl s_client -connect localhost:18010 -cert clnt.crt \
>  -key test.key -CAfile testca.crt -debug \
>  -cipher 'COMPLEMENTOFALL:eNULL' -dtls1_2
> 
> NULL ciphers work fine with OpenSSL 1.0.2g.
> 
> With OpenSSL 1.1.1g the handshake fails on the server side with
> 140295725053248:error:14102438:SSL routines:dtls1_read_bytes:tlsv1 \
> alert internal error:../ssl/record/rec_layer_d1.c:611:SSL alert number \
> 80
> 
> Even on OpenSSL 1.1.1g 'openssl ciphers -v  NULL' lists NULL-SHA256.
> 
> I'm only using s_server and s_client as tests, but I have the same
> problem in my application if I use
>  SSL_CTX_set_cipher_list(sslCtx, "NULL-SHA256");
> 
> What can I do to get NULL ciphers for no encryption working?

-cipher 'COMPLEMENTOFALL:eNULL@SECLEVEL=0'



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux