On 4/4/2013 11:53 AM, Sameer Stephen wrote:
Hi,

I am building an application which needs the TLSv1.2 protocol. I am getting
the following issues with the openssl-1.0.1c version:

Issue 1: the openssl command errors out

=> openssl ciphers -v 'TLSv1.2'
Error in cipher list
47767988151392:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1170:

=> openssl ciphers -v 'TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL'
Error in cipher list
47393772139616:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1170:

Issue 2: the SSL_CTX_set_cipher_list function errors out

if (!SSL_CTX_set_cipher_list(SSL_context,
        "TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL")) // Function returns 0 on error
{
    printf("Can't set cipher list\n");
}

In the openssl-1.0.1e version both issues go away. Is this a bug? Is
there any way to fix the issue without upgrading the openssl library to
a new version?

Yes, it was a bug.
No, 1.0.1 to 1.0.1d contain known security holes in the SSL code and
should not be used for SSL operations, which is the reason why 1.0.1e
was released at all.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded