Sameer Stephen
2013-04-04 09:53:17 UTC
Hi,
I am building an application which needs TLSv1.2 protocol. I am getting following issues with openssl-1.0.1c version:
Issue 1: openssl command errors out
=> openssl ciphers -v 'TLSv1.2'
Error in cipher list
47767988151392:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1170:
=>openssl ciphers -v 'TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL'
Error in cipher list
47393772139616:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1170:
Issue 2: SSL_CTX_set_cipher_list function errors out
if (!SSL_CTX_set_cipher_list(SSL_context, "TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL")) // Function return 0 on error
{
printf("Can't set cipher list\n");
}
In openssl-1.0.1e version both the issues go away. Is this a bug? Is there any way to fix the issue without upgrading the openssl library to new version?
Sam
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
I am building an application which needs TLSv1.2 protocol. I am getting following issues with openssl-1.0.1c version:
Issue 1: openssl command errors out
=> openssl ciphers -v 'TLSv1.2'
Error in cipher list
47767988151392:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1170:
=>openssl ciphers -v 'TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL'
Error in cipher list
47393772139616:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1170:
Issue 2: SSL_CTX_set_cipher_list function errors out
if (!SSL_CTX_set_cipher_list(SSL_context, "TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL")) // Function return 0 on error
{
printf("Can't set cipher list\n");
}
In openssl-1.0.1e version both the issues go away. Is this a bug? Is there any way to fix the issue without upgrading the openssl library to new version?
Sam
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.