Re: [openssl-users] How to use ADH with OpenSSL 1.1.0

2018-04-14 Thread Frykenvall, Per
>> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the >> trick, but as far as I understand, it switches off some other cipher checks. >> What's the recommended way of allowing ADH? >For now just @SECLEVEL=0. There's not yet a more fine-grained to set the >security >level

Re: [openssl-users] How to use ADH with OpenSSL 1.1.0

2018-04-12 Thread Viktor Dukhovni
> On Apr 12, 2018, at 7:12 AM, Frykenvall, Per wrote: > > Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the > trick, but as far as I understand, it switches off some other cipher checks. > What's the recommended way of allowing ADH? For now just

[openssl-users] How to use ADH with OpenSSL 1.1.0

2018-04-12 Thread Frykenvall, Per
Hi, I need to permit some anonymous Diffie-Hellman ciphers in OpenSSL. This worked fine until I installed 1.1.0h when I get "no shared cipher". I debugged and found the cause in ssl_security_default_callback, ssl_cert.c line 1028: /* No unauthenticated ciphersuites */