Re: Unable to set Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Date: Mon, 13 Apr 2020 16:52:34 -0400
On Mon, Apr 13, 2020 at 4:30 PM Mark Windshield via curl-library
<curl-library_at_cool.haxx.se> wrote:
>
> I'm trying to include the Cipher Suite TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) (DES-CBC3-SHA) in my request with the latest libcurl and openssl 1.1.1f, but I seem to be unable to do so, even tho cipher can be found in libcurls (https://curl.haxx.se/docs/ssl-ciphers.html) aswell as openssl's documentation (https://www.openssl.org/docs/man1.1.1/man1/ciphers.html).
>
> I tried everything from just setting the Cipher:
> curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "DES-CBC3-SHA");
> which would return the error SSL_CIPHER | Couldn't use specified SSL cipher
>
> to trying "ALL", "TLSv1" & "eNULL" aswell as using those with adding :@SECLEVEL=0 like this "ALL:@SECLEVEL=0" but nothing would endup using the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) in the Client Hello message.
>
> (also tried everything above with and without ssl_options "curlsslopt_allow_beast")
>
> Now I was wondering is it even possible to use this cipher anymore or am I just missing something?
See if the cipher is available in OpenSSL 1.1.1:
$ openssl version
OpenSSL 1.1.1 11 Sep 2018
$ openssl ciphers | tr ':' '\n' | grep 3DES
$
My stock OpenSSL installation does not provide TLS_RSA_WITH_3DES_EDE_CBC_SHA .
Jeff
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-04-13