Do you use any RedHat-based OS? On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK <ckashique...@gmail.com> wrote:
> Is it the problem with that strings or TLS/SSL version or any other ? > > On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <ckashique...@gmail.com> > wrote: > >> Hi, >> I had given all the cipher strings for "SSL_CTX_set_cipher_list" which >> we get under the command 'openssl ciphers' that includes CBC, but any of >> them didnot worked. All of them showed the error "error:141640B5:SSL >> routines:tls_construct_client_hello:no ciphers available". I have used >> TLSv1_2 or SSLv23. >> Also I have tried setting these strings for "SSLCipherSuite" at apache >> server configuration. But it makes no change for choosing the server >> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384". >> >> Thanks >> >> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni < >> openssl-us...@dukhovni.org> wrote: >> >>> >>> >>> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashique...@gmail.com> >>> wrote: >>> > >>> > Does SSL connection supports AESCBC? >>> >>> Yes, but not under that name. >>> >>> > I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side or >>> in "SSLCipherSuite" at apache server side. >>> >>> For example (constrained also to RSA and ECDHE to keep the list short): >>> >>> $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM' >>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 >>> ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 >>> >>> There isn't a cipherlist property that specifically selects CBC, so to >>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). >>> >>> -- >>> Viktor. >>> >>> -- >>> openssl-users mailing list >>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>> >> -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- SY, Dmitry Belyavsky
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
