No, We use Ubuntu 16.04 OS On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky <[email protected]> wrote:
> Do you use any RedHat-based OS? > > On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK <[email protected]> wrote: > >> Is it the problem with that strings or TLS/SSL version or any other ? >> >> On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <[email protected]> >> wrote: >> >>> Hi, >>> I had given all the cipher strings for "SSL_CTX_set_cipher_list" which >>> we get under the command 'openssl ciphers' that includes CBC, but any of >>> them didnot worked. All of them showed the error "error:141640B5:SSL >>> routines:tls_construct_client_hello:no ciphers available". I have used >>> TLSv1_2 or SSLv23. >>> Also I have tried setting these strings for "SSLCipherSuite" at apache >>> server configuration. But it makes no change for choosing the server >>> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384". >>> >>> Thanks >>> >>> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni < >>> [email protected]> wrote: >>> >>>> >>>> >>>> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <[email protected]> >>>> wrote: >>>> > >>>> > Does SSL connection supports AESCBC? >>>> >>>> Yes, but not under that name. >>>> >>>> > I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side >>>> or in "SSLCipherSuite" at apache server side. >>>> >>>> For example (constrained also to RSA and ECDHE to keep the list short): >>>> >>>> $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM' >>>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 >>>> ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 >>>> >>>> There isn't a cipherlist property that specifically selects CBC, so to >>>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). >>>> >>>> -- >>>> Viktor. >>>> >>>> -- >>>> openssl-users mailing list >>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>>> >>> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > > -- > SY, Dmitry Belyavsky > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
