Thanks Matt. I am extremely for making such a basic stupid mistake. On Wed, 17 Nov 2021 at 18:33, Matt Caswell <matt@xxxxxxxxxxx> wrote: > > > > On 17/11/2021 08:25, M K Saravanan wrote: > > Hi, > > > > Do I need to do any config to enable DHE based ciphers in openssl for > > command line usage? > > > > $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect > > 10.10.16.100:443 > > You have the wrong name for this ciphersuite. OpenSSL uses its own > naming scheme. The mapping between the names you will see in the > specification and OpenSSL names are on this page: > > https://www.openssl.org/docs/man1.1.1/man1/ciphers.html > > The OpenSSL name for this particular ciphersuite is > "DHE-RSA-AES128-GCM-SHA256" > > Matt > > > > > Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256" > > 139775998456896:error:140E6118:SSL > > routines:ssl_cipher_process_rulestr:invalid > > command:ssl/ssl_ciph.c:1028: > > > > mksarav@ubuntu1804:~$ openssl version > > OpenSSL 1.1.1d 10 Sep 2019 > > > > Non DHE ciphers are working fine with the above command option. Are > > they purposely removed for security reasons? I need to use DHE ciphers > > for some testing purpose. Is there anyway can I use it? > > > > > > with regards, > > Saravanan > >
