On 09/06/2017 12:02 AM, mahesh gs wrote: > Hi All, > > I am using openssl version 01.01.00f for providing TLS and DTLS > security for TCP and SCTP connection for our application. I have query > regarding the "Ciphers" that are accepted by the > SSL_CTX_set_cpiher_list API. The list of ciphers that are supported by > openssl version 01.01.00f that is output of command "openssl ciphers > -v" is as listed down below. When i try to set these ciphers through > API "SSL_CTX_set_cipher_list" returns success for some and failure for > some other ciphers. > > For example if i set "ECDHE-RSA-AES256-GCM-SHA384" API returns success > but if i set "DHE-DSS-AES256-GCM-SHA384" or "RC4-MD5" API returns > failure. My query is what are the accepted ciphers ? and what is the > reason behind not accepting some of them? >
OpenSSL 1.1.0 added a concept of "security level" for ciphers; see https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level for which levels correspond to bits of security, prohibited message digests, etc. -Ben
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
