I'm using OpenSSL for my server developed in C.
OpenSSL is called in my source code in the following way:
```c
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

SSL_CTX* InitServerCTX(void)
{
    const SSL_METHOD *method;         /* the *_method() functions return a const pointer */
    SSL_CTX *ctx;
    OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
    SSL_load_error_strings();         /* load all error messages */
    method = TLSv1_2_server_method(); /* create new server-method instance */
    ctx = SSL_CTX_new(method);        /* create new context from method */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    return ctx;
}

int main(int count, char *Argc[])
{
    SSL_CTX *ctx;
    int server;
    char *portnum;
    // Initialize the SSL library
    SSL_library_init();
    ctx = InitServerCTX();            /* initialize SSL */
    /* ... rest of main() is not shown in the question ... */
}
```
I tested my server with ssllabs.com and I got weaknesses in the supported ciphers on my server.
I tried to add the following line after initializing the context:
```c
SSL_CTX_set_cipher_list(ctx, "ALL:!NULL-MD5:!NULL-SHA:!NULL-RSA");
```
But nothing changed!
How do I disable these weak ciphers in my server?
This cipher setting does nothing to disable typical weak ciphers. On the contrary: this enables practically all ciphers (due to `ALL`), including many weak ciphers, and only disables a very few NULL ciphers.
At the very least you should use `HIGH` and not `ALL`. Even better recommendations can be found at the Mozilla server configuration.