Hi,

I need to permit some anonymous Diffie-Hellman ciphers in OpenSSL. This worked 
fine until I installed 1.1.0h when I get "no shared cipher". I debugged and 
found the cause in ssl_security_default_callback, ssl_cert.c line 1028:

            /* No unauthenticated ciphersuites */
            if (c->algorithm_auth & SSL_aNULL)
                return 0;

So do I need to have my own callback, using SSL_CTX_set_security_callback? The 
manual page is not very informative and I'm not sure about how to implement the 
callback. I wouldn't like to duplicate all the other checks of the default 
callback.

Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick, 
but as far as I understand, it switches off some other cipher checks. What's 
the recommended way of allowing ADH?

Best regards,
Per

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to