On 17/11/2021 08:25, M K Saravanan wrote:
Hi,
Do I need to do any config to enable DHE based ciphers in openssl for
command line usage?
$ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect
10.10.16.100:443
You have the wrong name for this ciphersuite. OpenSSL uses its own
naming scheme. The mapping between the names you will see in the
specification and OpenSSL names are on this page:
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
The OpenSSL name for this particular ciphersuite is
"DHE-RSA-AES128-GCM-SHA256"
Matt
Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256"
139775998456896:error:140E6118:SSL
routines:ssl_cipher_process_rulestr:invalid
command:ssl/ssl_ciph.c:1028:
mksarav@ubuntu1804:~$ openssl version
OpenSSL 1.1.1d 10 Sep 2019
Non DHE ciphers are working fine with the above command option. Are
they purposely removed for security reasons? I need to use DHE ciphers
for some testing purpose. Is there anyway can I use it?
with regards,
Saravanan
