Re: Selecting TLS Cipher problem
On Mon, 24 Mar 2008, Pat Riehecky wrote:
> I am trying to limit the cipher list for TLS negotiations, but I don't
> seem to be able to do this.....
> TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!
> main: TLS init def ctx failed: -1
You can test your cipher list expression by passing it to the "openssl
$ openssl ciphers -v !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5
Error in cipher list
16507:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/lib/libssl/src/ssl/ssl_lib.c:1144:
So your cipher list disables all the ciphers. The error is in the first
If `!' is used, then the ciphers are permanently deleted from the list.
The ciphers deleted can never reappear in the list even if they are ex-
So, your "!ALL" completely removes the "ALL" ciphers from the list and
nothing can reinsert them after that.
Offhand, it's not clear what you're trying to accomplish with that cipher
list expression, so it's not clear what the right 'fix' is.
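
Added example (not part of the original message): the same check done through Python's ssl module, whose SSLContext.set_ciphers() calls the SSL_CTX_set_cipher_list routine named in the error output above, contrasting a permanent `!` deletion with a plain `-` deletion. Every expression other than the one quoted from the post is a constructed sample, not a fix proposed in this thread.

```python
import ssl

# The expression from the post above, as passed to `openssl ciphers -v`.
PAGE_EXPR = "!ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5"

# Constructed samples for comparison (assumptions, not from the thread).
SAMPLES = (
    PAGE_EXPR,                    # "!ALL" first: nothing can be re-added
    "!ALL:HIGH",                  # minimal form of the same mistake
    "-ALL:HIGH",                  # "-" deletes, but later terms may re-add
    "HIGH:MEDIUM:!aNULL:!eNULL",  # select first, then exclude with "!"
)


def try_cipher_list(expr):
    """Return the TLS <= 1.2 cipher names `expr` selects, or None if rejected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(expr)
    except ssl.SSLError:
        # OpenSSL reported "no cipher match": the expression selects nothing.
        return None
    # TLS 1.3 suites are configured separately from this cipher list,
    # so they are left out of the result.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def report(exprs=SAMPLES):
    """Map each expression to 'rejected' or the number of ciphers it selects."""
    result = {}
    for expr in exprs:
        names = try_cipher_list(expr)
        result[expr] = "rejected" if names is None else len(names)
    return result


if __name__ == "__main__":
    for expr, outcome in report().items():
        print(f"{outcome!s:>8}  {expr}")
```

The counts printed for the accepted expressions depend on the local OpenSSL build; only the accepted/rejected split is fixed by the cipher list syntax.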