Aha, thanks Matt.
The code I resorted to using does SSL_CTX_new(), SSL_new(),
SSL_CTX_set_cipher_list(), and then iterates
through SSL_get1_supported_ciphers() looking for anything with 3DES/RC4.
So it seems I can simplify that down to just SSL_CTX_new() and
SSL_CTX_set_cipher_list().
I know that
On 23/05/2020 21:08, Daniel Lenski wrote:
> When OpenConnect is explicitly requested to connect to an ancient
> server, what I am currently trying to do is
> SSL_CTX_set_cipher_list(ctx, "DEFAULT:+3DES:+RC4"). However, this
> fails silently on subsequent connection if 3DES/RC4 support isn't
> av
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Daniel Lenski
> Sent: Saturday, May 23, 2020 17:24
>
> > Other than looping through all of the ciphers with SSL_get_ciphers()
> > right after this… is there a better way to check for 3DES/RC4 support
> > right at startu
> Other than looping through all of the ciphers with SSL_get_ciphers()
> right after this… is there a better way to check for 3DES/RC4 support
> right at startup, so we can give immediate feedback that connecting to
> such a server cannot succeed?
It was suggested that I should try EVP_get_ciphern