using ADH on new openssl #8408

Closed
eduardomazolini opened this issue Mar 5, 2019 · 3 comments

@eduardomazolini

Can't connect using PHP in new installations; the old server works fine.
I compiled the 0.98 version and it works fine on the command line, but I can't associate it with PHP.
Is it possible to use the new version of OpenSSL without compiling and hard work, maybe by only setting some configuration?

NEW OUTPUT

openssl s_client -cipher 'ADH' -tls1 -connect 10.xxx.xxx.xxx:8729

CONNECTED(00000003)
140126068425152:error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available:../ssl/statem/statem_clnt.c:800:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 0 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1551799697
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no

OLD AND WORKING OUTPUT
~/openssl-OpenSSL_0_9_8zh/apps# ./openssl s_client -cipher 'ADH' -tls1 -connect 10.xxx.xxx.xxx:8729
CONNECTED(00000003)

no peer certificate available

No client certificate CA names sent

SSL handshake has read 829 bytes and written 396 bytes

New, TLSv1/SSLv3, Cipher is ADH-AES256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ADH-AES256-SHA
Session-ID: 1E54160F878076BEF48666471CBE76CD25504A9D3339964B0FC324E14EE11D29
Session-ID-ctx:
Master-Key: C8CE7B59D815604F75A45D20F6603A72A3E54FB4F31DFC97D44F04043A23CE0BD916459C6195B64ACCAD75792B4C272C
Key-Arg : None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1551800138
Timeout   : 7200 (sec)
Verify return code: 0 (ok)

@eduardomazolini
Author

Adding info

~/openssl-OpenSSL_0_9_8zh/apps# ./openssl ciphers 'ADH'
ADH-AES256-SHA:ADH-AES128-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5

openssl ciphers 'ADH'

ADH-AES256-GCM-SHA384:ADH-AES128-GCM-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA

@mattcaswell
Member

Change your s_client line as follows:

openssl s_client -cipher 'ADH:@SECLEVEL=0' -tls1 -connect 10.xxx.xxx.xxx:8729

OpenSSL 1.1.0 implements "security levels". The default security level is 1. ADH ciphersuites are in security level 0 and so are blocked by default.
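
Added example, not part of the thread and not OpenSSL project code: a static check for cipher strings like the ones above, reporting whether a string requests anonymous suites and whether it also drops the security level to 0, which turns off every security-level check and leaves the peer unauthenticated. It is a heuristic, not OpenSSL's resolver: only explicit selectors (`ADH`, `AECDH`, `aNULL`, suite names such as `ADH-AES256-SHA`) are recognised, group keywords such as `HIGH` are not expanded, and a missing `@SECLEVEL` is assumed to mean the default of 1 stated above. The names `audit` and `families` and the verdict labels are made up for this example.

```python
import re

# Explicit selectors for anonymous (unauthenticated) key exchange.
ANON = {"aNULL": {"ADH", "AECDH"}, "ADH": {"ADH"}, "AECDH": {"AECDH"}}
SUITE = re.compile(r"^(?:EXP-)?(ADH|AECDH)-")  # e.g. ADH-AES256-SHA
SECLEVEL = re.compile(r"^@SECLEVEL=(\d)$")


def families(selector):
    """Anonymous families a selector may match; 'kDHE+aNULL' is over-approximated."""
    m = SUITE.match(selector)
    if m:
        return {m.group(1)}
    found = set()
    for part in selector.split("+"):
        found |= ANON.get(part, set())
    return found


def audit(cipher_string):
    """Return (seclevel or None, sorted anonymous families, verdict)."""
    level, added, killed = None, set(), set()
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        m = SECLEVEL.match(tok)
        if m:
            level = int(m.group(1))              # the last @SECLEVEL wins
        elif tok.startswith("!"):
            killed |= ANON.get(tok[1:], set())   # '!' removes permanently
        elif tok.startswith("-"):
            added -= ANON.get(tok[1:], set())    # '-' can be re-added later
        elif tok and not tok.startswith(("+", "@")):
            added |= families(tok)               # '+' only reorders, adds nothing
    anon = sorted(added - killed)
    if anon and level == 0:
        verdict = "anonymous-enabled"   # handshake can proceed with no peer authentication
    elif anon:
        verdict = "blocked"             # assumes level >= 1 is not lowered elsewhere
    elif level == 0:
        verdict = "seclevel-0"          # every security-level check off, no ADH requested
    else:
        verdict = "ok"
    return level, anon, verdict


if __name__ == "__main__":
    # Constructed sample strings; the first two are the ones used in the thread.
    for s in ("ADH", "ADH:@SECLEVEL=0", "HIGH:!aNULL", "HIGH:!aNULL:@SECLEVEL=0"):
        print(f"{s!r:28} -> {audit(s)}")
```

A `blocked` verdict corresponds to the "no ciphers available" failure in the first output above; `anonymous-enabled` is the configuration to confine to the one legacy endpoint that needs it.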

@eduardomazolini
Author

eduardomazolini commented Mar 6, 2019

Thanks, I will try it now on PHP.
