Re: Enabled weak cipher suites

2019-06-26 Thread Matt Caswell 



On 26/06/2019 12:18, John Jiang wrote:
> On Wed, Jun 26, 2019 at 2:59 PM Dr Paul Dale  > wrote:
> 
> Yes there is but it will require a reconfigure and a recompile.
> 
> Could you please show me more details about it?
> Which option(s) should be used for configuring and compiling?

To compile in support for weak ciphersuites:

$ ./config enable-weak-ssl-ciphers

And then make/make test/make install as usual.

Once support is compiled in the weak ciphersuites are still not enabled in the
"DEFAULT" set of ciphersuites - you have to explicitly enable them at run time, 
e.g.

$ openssl s_server -no_tls1_3 -cipher "RC4-MD5:@SECLEVEL=0"

$ openssl s_client -no_tls1_3 -cipher "RC4-MD5:@SECLEVEL=0"

Matt

>  
> 
> 
> The big question is: "why?”
> RC4 and MD5 are both considered broken.
> 
> Don't worry, just for some testing.
> 
> Thanks!
> 
> 
> 
> Pauli
> -- 
> Dr Paul Dale | Cryptographer | Network Security & Encryption 
> Phone +61 7 3031 7217
> Oracle Australia
> 
> 
> 
>> On 26 Jun 2019, at 11:41 am, John Jiang > > wrote:
>>
>> Hi,
>> I'm using s_server and s_client from OpenSSL 1.1.1.
>> It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are 
>> disabled.
>> Is there any way to re-enable these cipher suites?
>>
>> Thanks!
>

Re: Enabled weak cipher suites

2019-06-26 Thread John Jiang 
On Wed, Jun 26, 2019 at 2:59 PM Dr Paul Dale  wrote:

> Yes there is but it will require a reconfigure and a recompile.
>
Could you please show me more details about it?
Which option(s) should be used for configuring and compiling?


>
> The big question is: "why?”
> RC4 and MD5 are both considered broken.
>
Don't worry, just for some testing.

Thanks!


>
> Pauli
> --
> Dr Paul Dale | Cryptographer | Network Security & Encryption
> Phone +61 7 3031 7217
> Oracle Australia
>
>
>
> On 26 Jun 2019, at 11:41 am, John Jiang  wrote:
>
> Hi,
> I'm using s_server and s_client from OpenSSL 1.1.1.
> It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are
> disabled.
> Is there any way to re-enable these cipher suites?
>
> Thanks!
>
>
>

Re: Enabled weak cipher suites

2019-06-26 Thread Dennis Clarke 

On 6/25/19 9:41 PM, John Jiang wrote:

Hi,
I'm using s_server and s_client from OpenSSL 1.1.1.
It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are 
disabled.

Is there any way to re-enable these cipher suites?


Fairly certain that is a configuration option however I have not
bothered with those since 1.0.2 or so.


--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

Re: Enabled weak cipher suites

2019-06-25 Thread Dr Paul Dale 
Yes there is but it will require a reconfigure and a recompile.

The big question is: "why?”
RC4 and MD5 are both considered broken.


Pauli
-- 
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia



> On 26 Jun 2019, at 11:41 am, John Jiang  wrote:
> 
> Hi,
> I'm using s_server and s_client from OpenSSL 1.1.1.
> It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are disabled.
> Is there any way to re-enable these cipher suites?
> 
> Thanks!

Enabled weak cipher suites

2019-06-25 Thread John Jiang 
Hi,
I'm using s_server and s_client from OpenSSL 1.1.1.
It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are
disabled.
Is there any way to re-enable these cipher suites?

Thanks!