> On Jan 10, 2016, at 8:39 AM, Michel <michel.sa...@free.fr> wrote:
>
> but NOT with version 1.1-pre :
> openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH"
> openssl s_client -cipher "ALL:eNULL:@STRENGTH"
>
Try:
-cipher "ALL:eNULL:@STRENGTH:@SECLEVEL=0"
The default security level 1 disables aNULL ciphers.
Perhaps disabling aNULL via @SECLEVEL is not the right thing to do.
The semantics of SECLEVEL are not yet set in stone, and authentication
is quite separate from crypto security, so perhaps if you enable aNULL
ciphers you should get them. After all, even if certificates are used,
nothing forces you to verify them.
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
