This is a discussion on Re: [openssl.org #1461] Bug: EXPORT56 ciphers no longer exist - Openssl ; Hi Richard, > $ openssl ciphers EXPORT56 > Error in cipher list > 10434:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher > match:ssl_lib.c:1176: This is because of the recently disabled 56 bit (named *Rogue Ciphersuites*) from OpenSSL 0.9.8c. This is been well documented in CHANGES.log ...
Hi Richard,
> $ openssl ciphers EXPORT56
> Error in cipher list
> 10434:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
> match:ssl_lib.c:1176:
This is because of the recently disabled 56 bit (named *Rogue
Ciphersuites*) from OpenSSL 0.9.8c. This is been well documented in
CHANGES.log
================================================== ==
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Also deactivate the remaining ciphersuites from
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
unofficial, and the ID has long expired.
[Bodo Moeller]
================================================== ==
> I'm pretty sure this used to work with previous versions of openssl as
> promised by the ciphers.1 man page. Also note that EXPORT and EXPORT40
> is now the same list:
As there is no ciphersuites available except 40-bit, the list seems to be
the same.
Regards,
ViSolve Security Consulting Group.
securitygroup[at]visolve[dot]com
http://www.visolve.com/security/
Affordable OpenSource Support for your business.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
