In 1.1.0j, if SSL_CTX_set_cipher_list() is called with "not-a-cipher" or "rc4", then SSL_R_NO_CIPHER_MATCH will occur.
In 1.1.1a, set_cipher_list() suceeds, seems to return the complete cipher list (should it do this?) but later ssl_cipher_list_to_bytes() will find that ssl_cipher_disabled() is true for all the ciphers, and SSL_R_NO_CIPHERS_AVAILABLE will occur. We can work around this change, but it seems to be moving a configuration error to a runtime error, and I'm not sure this was intentional, or a side-effect of code cleanups. I couldn't find mention of it in the man page or changelog. Also, I don't understand why "not-a-cipher" matches any ciphers in 1.1.1, I'd expect the cipher list to be empty. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
