Hi, Any replys ? On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <ckashique...@gmail.com> wrote:
> Also I use OpenSSL 1.1.0h. > > On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK <ckashique...@gmail.com> > wrote: > >> No, We use Ubuntu 16.04 OS >> >> On Mon, Nov 19, 2018 at 11:34 AM Dmitry Belyavsky <beld...@gmail.com> >> wrote: >> >>> Do you use any RedHat-based OS? >>> >>> On Mon, Nov 19, 2018 at 8:54 AM ASHIQUE CK <ckashique...@gmail.com> >>> wrote: >>> >>>> Is it the problem with that strings or TLS/SSL version or any other ? >>>> >>>> On Mon, Nov 19, 2018 at 11:12 AM ASHIQUE CK <ckashique...@gmail.com> >>>> wrote: >>>> >>>>> Hi, >>>>> I had given all the cipher strings for "SSL_CTX_set_cipher_list" >>>>> which we get under the command 'openssl ciphers' that includes CBC, but >>>>> any >>>>> of them didnot worked. All of them showed the error "error:141640B5:SSL >>>>> routines:tls_construct_client_hello:no ciphers available". I have used >>>>> TLSv1_2 or SSLv23. >>>>> Also I have tried setting these strings for "SSLCipherSuite" at >>>>> apache server configuration. But it makes no change for choosing the >>>>> server >>>>> default ciphersuit "ECDHE-RSA-AES256-GCM-SHA384". >>>>> >>>>> Thanks >>>>> >>>>> On Fri, Nov 16, 2018 at 9:15 PM Viktor Dukhovni < >>>>> openssl-us...@dukhovni.org> wrote: >>>>> >>>>>> >>>>>> >>>>>> > On Nov 16, 2018, at 7:45 AM, ASHIQUE CK <ckashique...@gmail.com> >>>>>> wrote: >>>>>> > >>>>>> > Does SSL connection supports AESCBC? >>>>>> >>>>>> Yes, but not under that name. >>>>>> >>>>>> > I could not set AESCBC in "SSL_CTX_set_cipher_list" at client side >>>>>> or in "SSLCipherSuite" at apache server side. >>>>>> >>>>>> For example (constrained also to RSA and ECDHE to keep the list >>>>>> short): >>>>>> >>>>>> $ openssl ciphers -v 'AES128+aRSA+kECDHE:!AESGCM' >>>>>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) >>>>>> Mac=SHA256 >>>>>> ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 >>>>>> >>>>>> There isn't a cipherlist property that specifically selects CBC, so to >>>>>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). >>>>>> >>>>>> -- >>>>>> Viktor. >>>>>> >>>>>> -- >>>>>> openssl-users mailing list >>>>>> To unsubscribe: >>>>>> https://mta.openssl.org/mailman/listinfo/openssl-users >>>>>> >>>>> -- >>>> openssl-users mailing list >>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>>> >>> >>> >>> -- >>> SY, Dmitry Belyavsky >>> -- >>> openssl-users mailing list >>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>> >>
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users