RE: Cipher setting error: 'experimental'

Rajib Karmakar Fri, 23 Sep 2011 06:23:52 -0700

Hi Dave,


Thanks for spending some time for my issue. But, it seems that you have
followed the same steps that I had used earlier; but I still not been able
to enable the ciphers. I may be missing something. So can you please send me
a detailed steps on how you got those ciphers enabled.

 

I downloaded the 1.0.0e version and tried again; but ending up with the same
result. This is what I have done,

1.       Downloaded the 1.0.0e version from OpenSSL website.

2.       Untar the source.

3.       Modified the ssl/tls.h file to #define
TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1.

4.       ./config

5.       make; make install

 

When I run "openssl cipher -v", I got the below output. You can see that I
got the export ciphers enabled but they are only the 512 versions not 1024
ones. Also when I use s_client as "openssl s_client -cipher EXP-RC4-MD5", I
only get the RSA_EXPORT_WITH_RC4_40_MD5 cipher in my Client Hello. But I
require ciphers like the RSA_EXPORT1024_WITH_RC4_56_MD5. I believe this are
similar ciphers, just a 1024 variation. 

 

It would be a great help if you can manage some more time for me. Thanks in
advance.

 

Regards,

Rajib

DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1

DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1

AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1

DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1

CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1

EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1    

EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1    

DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1    

DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5     

DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1    

DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1    

AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1    

DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1

DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1

CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5     

RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1    

RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5     

RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5     

EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1    

EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1    

DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1    

DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5     

EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1
export

EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1
export

EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1
export

EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5
export

EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5
export

EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5
export

EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5
export

 

-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Friday, September 23, 2011 8:17 AM
To: openssl-users@openssl.org
Subject: RE: Cipher setting error: 'experimental'

 

> From: owner-openssl-us...@openssl.org On Behalf Of Rajib Karmakar

> Sent: Monday, 19 September, 2011 03:53

 

> Thanks for your reply. I got the steps I mentioned after some 

> googling. But

> those steps are not working. I understand you must be very 

> busy, but I am

> stuck into there from then on. Can you please manage some 

> time to look into

> it. Or if you know someone who can help me in this regard. It 

> would also be

> very helpful if you suggest some experiments that I can do in this.

> 

Okay, I had time to do a build of 1.0.0e with ssl/tls1.h 

patched to #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 .

It works as I expected: the 4 EXP1024 ciphers excluding the 

#if 0'ed MD5 ones plus DHE-DSS-RC4-SHA appear in ciphers -v, 

and can be selected (and used!) by s_server and s_client.

 

Make sure you are building the version you patched 

and using (running,linking) the version you built.

 

 

 

______________________________________________________________________

OpenSSL Project                                 http://www.openssl.org

User Support Mailing List                    openssl-users@openssl.org

Automated List Manager                           majord...@openssl.org

RE: Cipher setting error: 'experimental'

Reply via email to