Hi all

I'm trying to re-add 3DES support (a temporary move, due to business 
requirements) to an NGINX (1.15.3) + OpenSSL (1.1.1) build via the NGINX build 
flag --with-openssl-opt=enable-weak-ssl-ciphers which i learnt from 
https://www.openssl.org/blog/blog/2016/08/24/sweet32/.

Whilst I do see some older ciphersuites being offered by NGINX after doing 
this, e.g. Camelia, Seed and so on, i don't see 3DES. I was expecting to be 
able to specifically list 3DES e.g. via DES-CBC3-SHA but that didn’t work. I 
have also tried adding @seclevel=0 to the ciphersuite string in NGINX but 
again, that didn’t work, I don’t see any 3DES ciphersuites available in NGINX.

I'm wondering whether something changed between the above article and the final 
version of OpenSSL 1.1.1? (I.e. Whether 3DES support was completely removed in 
OpenSSL 1.1.1).

Any pointers would be very much appreciated, I can’t find anything very useful 
on the web.

Cheers

Neil Craig
Lead Technical Architect | Online Technology Group
[cid:FDC52DA5-F1EC-4ED7-A69C-CACB83B41880]
Broadcast Centre, London W12 7TQ | BC4 A3
Twitter: https://twitter.com/tdp_org

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to