OpenSSL Ciphers

dweimer dweimer at
Sat Mar 7 16:49:15 UTC 2015

On 03/07/2015 1:35 am, Doug Hardie wrote:
>> On 6 March 2015, at 17:35, dweimer <dweimer at> wrote:
>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at> wrote:
>>>> Hi--
>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at> wrote:
>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at> wrote:
>>>>>> The default list of ciphers is quite extensive and includes some 
>>>>>> that are apparently causing some potential security issues.  I 
>>>>>> have a number of applications that use OpenSSL and many don’t have 
>>>>>> the code to restrict the list.  Fixing all that would take quite a 
>>>>>> bit of work.  However, looking into /usr/include/openssl/ssl.h I 
>>>>>> find a definition for the SSL_DEFAULT_CIPHER_LIST.  The comments 
>>>>>> indicate that that list is the one used when the application 
>>>>>> doesn’t specify anything.  I changed its definition to:
>>>>>> However, s_connect will still create a connection with the export 
>>>>>> ciphers.  I tried adding !EXPORT to that list and it had no 
>>>>>> effect.  Is the definition actually used by openssl or is it just 
>>>>>> there for documentation?
>>>>> Not hearing anything on this, I suspect it’s not very well 
>>>>> understood.  I have started updating the various servers/clients 
>>>>> that use SSL/TLS.  The one that has me completely stumped is 
>>>>> sendmail.  There is a web page which provides instructions 
>>>>> "”.  However, 
>>>>> when I follow them, I can still establish a connection and deliver 
>>>>> mail using the export ciphers.
>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>> You can see which ciphers openssl will support via a statement like:
>>>> % openssl ciphers -v 
>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>> ...and you can experiment with TLS negotiation results via something 
>>>> like:
>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect 
>>>> [ ... ]
>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>> Server public key is 2048 bit
>>>> Secure Renegotiation IS supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>> SSL-Session:
>>>>   Protocol  : TLSv1
>>>>   Cipher    : AES128-SHA
>>>>   Session-ID: [ ... ]
>>>> Sendmail normally performs crypto via STARTTLS negotiation rather 
>>>> than via SMTPS; there's a CipherList option which can be defined via 
>>>> /  You might need to recompile sendmail 
>>>> with -D_FFR_TLS_1, which I think that novosial page mentions.
>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page
>>> mentioned above.  The CipherList option doesn’t seem to work.  I can
>>> connect and send mail with that in place using the EXPORT ciphers.
>> Doug,
>>  I have this added to my /etc/mail/{HOSTNAME}.mc file.
>> Of course you can use other options, this has been there for a while 
>> in mine, carried over from some time a few versions back. Probably 
>> should get around to testing it to make sure it actually is still 
>> working. It doesn't take long to add it in and run a quick test.
> As I replied earlier, I have done that.  I can still use:
> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT

Strange, it seems to be working on mine.

If I use the following, it connects:
openssl s_client -connect -starttls smtp
depth=1 C = US, ST = Arizona, L = Scottsdale, O = ", Inc.", 
OU =, CN = Go Daddy Secure 
Certificate Authority - G2
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
     Protocol  : TLSv1.2
     Cipher    : DHE-RSA-AES256-GCM-SHA384

If I use the cipher option to specify aNULL, it fails:

openssl s_client -connect -starttls smtp -cipher aNULL
34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 
alert handshake 
no peer certificate available
No client certificate CA names sent
SSL handshake has read 353 bytes and written 234 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

    Dean E. Weimer

More information about the freebsd-questions mailing list
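
An added example, not part of the original message or of OpenSSL: a small parser for the `openssl ciphers -v` layout quoted in the thread. It lists every cipher that a given cipher string still admits and that falls into the classes the thread is trying to exclude (export, anonymous/aNULL) or is otherwise below par (no encryption, SSLv2, keys under 128 bits). The sample lines are constructed, and the reason labels are this example's own.

```python
import re
import sys

# Constructed sample in the `openssl ciphers -v` layout quoted in the thread.
# The second entry is wrapped and ">"-quoted the way the archive shows it.
SAMPLE = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)
>>>> Mac=MD5
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

def parse(text):
    """Return one dict per cipher, rejoining wrapped continuation lines."""
    entries = []
    lines = (raw.lstrip("> ").split() for raw in text.splitlines())
    for tokens in filter(None, lines):          # skip blank lines
        if "=" in tokens[0] or tokens[0] == "export":
            entry, fields = (entries[-1] if entries else {}), tokens  # continuation
        else:
            entry = {"name": tokens[0], "proto": "".join(tokens[1:2]), "export": False}
            entries.append(entry)
            fields = tokens[2:]
        for tok in fields:
            if tok == "export":
                entry["export"] = True
            elif "=" in tok:
                entry.update([tok.split("=", 1)])   # Kx= / Au= / Enc= / Mac=
    return [e for e in entries if "Enc" in e]   # drop lines that are not ciphers

def weaknesses(e):
    """Reasons this cipher should be excluded from a server's cipher list."""
    bits = re.search(r"\((\d+)\)", e["Enc"])
    checks = [
        (e["export"], "export"),
        (e.get("Au") == "None", "anonymous"),
        (e["Enc"].startswith("None"), "no encryption"),
        (e["proto"] == "SSLv2", "SSLv2"),
        (bool(bits) and int(bits.group(1)) < 128, "under 128 bits"),
    ]
    return [label for hit, label in checks if hit]

def audit(text):  # (name, proto, reasons) for every cipher with a weakness
    return [(e["name"], e["proto"], w) for e in parse(text) if (w := weaknesses(e))]

if __name__ == "__main__":
    for hit in audit(SAMPLE if sys.stdin.isatty() else sys.stdin.read()):
        print(*hit)
```

Piping the output of `openssl ciphers -v` for a candidate cipher string into the script shows what that string still allows before it goes into a CipherList setting; run on a terminal, it audits the embedded sample.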