Re: [openssl-users] enable TLS_RSA_WITH_RC4_128_MD5 in openssl 1.1.0e?
Yes, you are right. openssl binary is linking to a wrong shared library. The code is fine, it's linking to the static library. thanks. Regards, Siyuan --- On Mon, Jun 5, 2017 at 3:40 PM, Viktor Dukhovni wrote: > On Thu, Jun 01, 2017 at 10:16:01AM -0700, Siyuan Xiang wrote: > > > > > ./config enable-weak-ssl-ciphers --prefix=/opt > > Does this set a suitable RPATH? > > > make > > make DESTDIR=/path/to/dir INSTALL > > And now install in yet another place? > > > $ ./openssl version > > OpenSSL 1.1.0e 16 Feb 2017 > > The resulting code is likelky using the wrong shared libraries. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] enable TLS_RSA_WITH_RC4_128_MD5 in openssl 1.1.0e?
On Fri, Jun 2, 2017 at 1:29 AM, Matt Caswell wrote: > That's very strange. Those exact same commands work fine for me. Are you > sure you are picking up the version of 1.1.0e compiled with > enable-weak-ssl-ciphers and not some other previous compilation of 1.1.0e? > Yes I am sure that it's compiled with enable-weak-ssl-ciphers Regards, Siyuan --- -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] enable TLS_RSA_WITH_RC4_128_MD5 in openssl 1.1.0e?
Hi Matt, I tried the following command, it failed. following is my command. ./config enable-weak-ssl-ciphers --prefix=/opt make make DESTDIR=/path/to/dir INSTALL $ ./openssl version OpenSSL 1.1.0e 16 Feb 2017 ./openssl s_client -cipher "RC4-MD5:@SECLEVEL=0" error setting cipher list 140369010624144:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1337: ./openssl ciphers "RC4-MD5:@SECLEVEL=0" Error in cipher list 140458428679936:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2018: However, after I change SSL_CTX_set_XXX function orders, TLS_RSA_WITH_RC4_128_MD5 do appear in client hello cipher list. SSL_CTX_set_security_level(ctx, 0); SSL_CTX_set_cipher_list(ctx, "ALL:RC4-MD5"); Regards, Siyuan --- On Thu, Jun 1, 2017 at 2:41 AM, Matt Caswell wrote: > > > On 31/05/17 21:22, Siyuan Xiang wrote: > > Hi all, > > > > I have a legacy server only accept TLS_RSA_WITH_RC4_128_MD5 cipher. > > > > I have a client using openssl 1.1.0e. It doesn't include > > TLS_RSA_WITH_RC4_128_MD5. > > I have recompiled the openssl using enable-weak-ssl-ciphers, but it > > doesn't work > > but TLS_RSA_WITH_RC4_128_SHA is in client hello message. > > > > It looks like all MD5 related ciphers are removed. I tried to > > use SSL_CTX_set_security_level to > > set level to 0. but it doesn't work. > > > > Do you have any idea how to enable TLS_RSA_WITH_RC4_128_MD5? > > How have you configured your ciphersuite list? I can get this to work in > 1.1.0 using s_server and s_client. > > Having built with "enable-weak-ssl-ciphers" I start up s_server like this: > > $ openssl s_server -cipher "RC4-MD5:@SECLEVEL=0" > > And then run s_client like this: > > $ openssl s_client -cipher "RC4-MD5:@SECLEVEL=0" > > The connection is successful and uses the RC4-MD5 ciphersuite (aka > TLS_RSA_WITH_RC4_128_MD5). > > Matt > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] enable TLS_RSA_WITH_RC4_128_MD5 in openssl 1.1.0e?
Hi all, I have a legacy server only accept TLS_RSA_WITH_RC4_128_MD5 cipher. I have a client using openssl 1.1.0e. It doesn't include TLS_RSA_WITH_RC4_128_MD5. I have recompiled the openssl using enable-weak-ssl-ciphers, but it doesn't work but TLS_RSA_WITH_RC4_128_SHA is in client hello message. It looks like all MD5 related ciphers are removed. I tried to use SSL_CTX_set_security_level to set level to 0. but it doesn't work. Do you have any idea how to enable TLS_RSA_WITH_RC4_128_MD5? Regards, Siyuan --- -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users