-
-
Notifications
You must be signed in to change notification settings - Fork 10.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
using ADH on new openssl #8408
Comments
Adding info ~/openssl-OpenSSL_0_9_8zh/apps# ./openssl ciphers 'ADH' openssl ciphers 'ADH'ADH-AES256-GCM-SHA384:ADH-AES128-GCM-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA |
Change your s_client line as follows:
OpenSSL 1.1.0 implements "security levels". The default security level is 1. ADH ciphersuites are in security level 0 and so are blocked by default. |
Tank, i will trie now on php |
Can't connect using php in new instalations, old server work fine.
I compile 0.98 version and work fine in command line but cant associete to php.
Its possible use new version of openssl wittout compile and hardwork maybe only set some configuration?
NEW OUTPUT
openssl s_client -cipher 'ADH' -tls1 -connect 10.xxx.xxx.xxx:8729
CONNECTED(00000003)
140126068425152:error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available:../ssl/statem/statem_clnt.c:800:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 0 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1551799697
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
OLD AND WORKING OUTPUT
~/openssl-OpenSSL_0_9_8zh/apps# ./openssl s_client -cipher 'ADH' -tls1 -connect 10.xxx.xxx.xxx:8729
CONNECTED(00000003)
no peer certificate available
No client certificate CA names sent
SSL handshake has read 829 bytes and written 396 bytes
New, TLSv1/SSLv3, Cipher is ADH-AES256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ADH-AES256-SHA
Session-ID: 1E54160F878076BEF48666471CBE76CD25504A9D3339964B0FC324E14EE11D29
Session-ID-ctx:
Master-Key: C8CE7B59D815604F75A45D20F6603A72A3E54FB4F31DFC97D44F04043A23CE0BD916459C6195B64ACCAD75792B4C272C
Key-Arg : None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 84 f8 c9 e2 83 43 79 c4-56 c4 33 74 e4 6f ef 05 .....Cy.V.3t.o..
0010 - d1 92 dd a9 c7 d7 ef 5e-0d 2f b1 90 2d 7a c8 ae .......^./..-z..
0020 - 3c 3f 62 47 63 66 07 ab-38 7d 2d 99 07 db 01 1e <?bGcf..8}-.....
0030 - 88 19 82 93 1c f8 0e 69-96 d6 e1 bb c0 3e ee f0 .......i.....>..
0040 - 64 d4 fb 2a fa 21 72 20-fa d5 6f 0a 50 16 11 19 d...!r ..o.P...
0050 - 42 2c c4 13 a1 bb e9 32-33 35 2a 1d 14 37 4e 1a B,.....235..7N.
0060 - ae 42 e6 8c 16 a1 cc 99-f1 0e b7 f5 63 bf aa 2d .B..........c..-
0070 - d8 76 d6 9a cf 77 1d ad-35 c4 34 09 bf 0b e5 90 .v...w..5.4.....
0080 - 4d 74 c7 f5 37 97 5e 1c-fc 55 49 6f cb f4 ec 1b Mt..7.^..UIo....
0090 - 16 41 ec 4d f0 40 9b 96-f3 69 0d bf bd 38 55 f4 .A.M.@...i...8U.
The text was updated successfully, but these errors were encountered: