On Thu, Jan 24, 2013, Jeffrey Walton wrote: > On Wed, Jan 23, 2013 at 1:20 PM, Smith, Russell (Shane), Contractor > <russell.s.smith....@sofsa.mil> wrote: > > I am looking for a way to disable weak ciphers in openssl. > > I have a legacy program that uses the "default" SSL ciphers and is not > > configurable like apache and httpd.conf etc. > > Is there any way I can change the actual openssl configuration on my > > server > > So that only selected ciphers and protocols are available? > The program is legacy. Is the library being used as a shared object? > > Is so, you can configure the library with -no-sslv2, -no-sslv3, etc. > It can be used to remove weak/wounded/broken ciphers and protocols. >
It is also possible to hand edit the SSL_DEFAULT_CIPHER_LIST definition in ssl.h Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
