> I am extremely for making such a basic stupid mistake. I am extremely sorry. On Wed, 17 Nov 2021 at 21:19, M K Saravanan <mksarav@xxxxxxxxx> wrote: > > Thanks Matt. > > I am extremely for making such a basic stupid mistake. > > On Wed, 17 Nov 2021 at 18:33, Matt Caswell <matt@xxxxxxxxxxx> wrote: > > > > > > > > On 17/11/2021 08:25, M K Saravanan wrote: > > > Hi, > > > > > > Do I need to do any config to enable DHE based ciphers in openssl for > > > command line usage? > > > > > > $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect > > > 10.10.16.100:443 > > > > You have the wrong name for this ciphersuite. OpenSSL uses its own > > naming scheme. The mapping between the names you will see in the > > specification and OpenSSL names are on this page: > > > > https://www.openssl.org/docs/man1.1.1/man1/ciphers.html > > > > The OpenSSL name for this particular ciphersuite is > > "DHE-RSA-AES128-GCM-SHA256" > > > > Matt > > > > > > > > > Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256" > > > 139775998456896:error:140E6118:SSL > > > routines:ssl_cipher_process_rulestr:invalid > > > command:ssl/ssl_ciph.c:1028: > > > > > > mksarav@ubuntu1804:~$ openssl version > > > OpenSSL 1.1.1d 10 Sep 2019 > > > > > > Non DHE ciphers are working fine with the above command option. Are > > > they purposely removed for security reasons? I need to use DHE ciphers > > > for some testing purpose. Is there anyway can I use it? > > > > > > > > > with regards, > > > Saravanan > > >
