Also I use OpenSSL 1.1.0h. On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK <ckashique...@gmail.com> wrote:
> No, We use Ubuntu 16.04 OS > > On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky <beld...@gmail.com> > wrote: > >> Do you use any RedHat-based OS? >> >> On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK <ckashique...@gmail.com> >> wrote: >> >>> Is it the problem with that strings or TLS/SSL version or any other ? >>> >>> On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <ckashique...@gmail.com> >>> wrote: >>> >>>> Hi, >>>> I had given all the cipher strings for "SSL_CTX_set_cipher_list" which >>>> we get under the command 'openssl ciphers' that includes CBC, but any of >>>> them didnot worked. All of them showed the error "error:141640B5:SSL >>>> routines:tls_construct_client_hello:no ciphers available". I have used >>>> TLSv1_2 or SSLv23. >>>> Also I have tried setting these strings for "SSLCipherSuite" at apache >>>> server configuration. But it makes no change for choosing the server >>>> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384". >>>> >>>> Thanks >>>> >>>> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni < >>>> openssl-us...@dukhovni.org> wrote: >>>> >>>>> >>>>> >>>>> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashique...@gmail.com> >>>>> wrote: >>>>> > >>>>> > Does SSL connection supports AESCBC? >>>>> >>>>> Yes, but not under that name. >>>>> >>>>> > I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side >>>>> or in "SSLCipherSuite" at apache server side. >>>>> >>>>> For example (constrained also to RSA and ECDHE to keep the list short): >>>>> >>>>> $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM' >>>>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) >>>>> Mac=SHA256 >>>>> ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 >>>>> >>>>> There isn't a cipherlist property that specifically selects CBC, so to >>>>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). >>>>> >>>>> -- >>>>> Viktor. >>>>> >>>>> -- >>>>> openssl-users mailing list >>>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>>>> >>>> -- >>> openssl-users mailing list >>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>> >> >> >> -- >> SY, Dmitry Belyavsky >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users