Thank you very much for your answer Viktor ! It works, using : openssl s_server -nocert -cipher "ALL:@STRENGTH:@SECLEVEL=0" openssl s_client -cipher "ALL:@STRENGTH:@SECLEVEL=0" I was able to handshake a "AECDH-AES256-SHA" cipher. :-) I will try to investigate deeper around the SECLEVEL=... keyword that I completely missed.
Regards, Michel. -----Message d'origine----- De : openssl-dev [mailto:[email protected]] De la part de Viktor Dukhovni Envoyé : lundi 25 janvier 2016 15:55 À : [email protected] Objet : Re: [openssl-dev] s_client version 1.1 fails to handshake to s_server when -nocert option > On Jan 10, 2016, at 8:39 AM, Michel <[email protected]> wrote: > > but NOT with version 1.1-pre : > openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH" > openssl s_client -cipher "ALL:eNULL:@STRENGTH" > Try: -cipher "ALL:eNULL:@STRENGTH:@SECLEVEL=0" The default security level 1 disables aNULL ciphers. Perhaps disabling aNULL via @SECLEVEL is not the right thing to do. The semantics of SECLEVEL are not yet set in stone, and authentication is quite separate from crypto security, so perhaps if you enable aNULL ciphers you should get them. After all, even if certificates are used, nothing forces you to verify them. -- Viktor. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
