I think you missed the following:
Because CBC is the oldest block cipher mode in SSL and
TLS, the cipher suites using CBC don't include the
letters "CBC" in their names.They simply don't mention
a different mode (such as GCM or CCM).
For example ECDHE-RSA-AES128-SHA uses AES128 in CBC mode.
On 20/11/2018 10:54, ASHIQUE CK wrote:
Hi,
Any replys ?
On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <ckashique...@gmail.com
<mailto:ckashique...@gmail.com>> wrote:
Also I use OpenSSL 1.1.0h.
On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK
<ckashique...@gmail.com <mailto:ckashique...@gmail.com>> wrote:
No, We use Ubuntu 16.04 OS
On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky
<beld...@gmail.com <mailto:beld...@gmail.com>> wrote:
Do you use any RedHat-based OS?
On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK
<ckashique...@gmail.com <mailto:ckashique...@gmail.com>>
wrote:
Is it the problem with that strings or TLS/SSL
version or any other ?
On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK
<ckashique...@gmail.com
<mailto:ckashique...@gmail.com>> wrote:
Hi,
I had given all the cipher strings
for "SSL_CTX_set_cipher_list" which we get under
the command 'openssl ciphers' that includes CBC,
but any of them didnot worked. All of them showed
the error "error:141640B5:SSL
routines:tls_construct_client_hello:no ciphers
available". I have used TLSv1_2 or SSLv23.
Also I have tried setting these strings for
"SSLCipherSuite" at apache server configuration.
But it makes no change for choosing the server
default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384".
Thanks
On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni
<openssl-us...@dukhovni.org
<mailto:openssl-us...@dukhovni.org>> wrote:
> On Nov 16, 2018, at 7:45 AM, ASHIQUE CK
<ckashique...@gmail.com
<mailto:ckashique...@gmail.com>> wrote:
>
> Does SSL connection supports AESCBC?
Yes, but not under that name.
> I could not set AESCBC in
"SSL_CTX_set_cipher_list" at client side or in
"SSLCipherSuite" at apache server side.
For example (constrained also to RSA and ECDHE
to keep the list short):
$ openssl ciphers -v
'AES128+aRSA+kECDHE:!AESGCM'
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH
Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA
Enc=AES(128) Mac=SHA1
There isn't a cipherlist property that
specifically selects CBC, so to
get *only* CBC, you need to exclude AESGCM
(and perhaps also AESCCM).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
