Hi, I had given all the cipher strings for "SSL_CTX_set_cipher_list" which we get under the command 'openssl ciphers' that includes CBC, but any of them didnot worked. All of them showed the error "error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available". I have used TLSv1_2 or SSLv23. Also I have tried setting these strings for "SSLCipherSuite" at apache server configuration. But it makes no change for choosing the server default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384".
Thanks On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > > > > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashique...@gmail.com> wrote: > > > > Does SSL connection supports AESCBC? > > Yes, but not under that name. > > > I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side or > in "SSLCipherSuite" at apache server side. > > For example (constrained also to RSA and ECDHE to keep the list short): > > $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM' > ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 > ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 > > There isn't a cipherlist property that specifically selects CBC, so to > get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users