On 06/07/2017 11:13 AM, gerritvn wrote: > We are using OpenSSL in a terminal emulation product. > We recently upgraded from OpenSSL v 1.0.2g to OpenSSL v 1.1.0e. > Some servers we connect to do not support any of the strong ciphers which > are compiled by default in OpenSSL v 1.1.0e and returns an alert with > "handshake error". > We recompiled with the option "enable-weak-ssl-ciphers", but that does not > solve the problem. > With OpenSSL v 1.0.2g one specific server selected the Cipher Suite: > TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) which is shown as DES-CBC3-SHA by > OpenSSL > Listing ciphers with our OpenSSL 1.1.0e "enable-weak-ssl-ciphers" build with > the command: > openssl ciphers -v "ALL:@SECLEVEL=0" > shows this entry: > DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 > This cipher is, however, not offered in the Client Hello when our client > opens the connection. > > What do we need to add to our program to get our client to offer the weak > ciphers as well as the strong ones? >
https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_security_level.html -Ben
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users