On 07/27/2017 02:49 PM, Todd Blum wrote: > SSLv2 Record Layer: Client Hello
SSLv2-compatible ClientHello is pretty old and probably unneeded > [Version: SSL 2.0 (0x0002)] > Length: 46 > Handshake Message Type: Client Hello (1) > Version: SSL 3.0 (0x0300) > Cipher Spec Length: 21 > Session ID Length: 0 > Challenge Length: 16 > Cipher Specs (7 specs) > Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a) > Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013) > Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005) > Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004) > Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080) > Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0) > Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff) > Challenge All of those are pretty bad ciphers; can you update the client to use better ones? Otherwise you might have to do something like include @SECLEVEL=0 in the cipher spec on the server to enable the weak ciphers. -Ben
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users