Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
I am using OpenSSL 1.1.0g and set ciphers like
char const*cipher_list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256";
SSL_CTX_set_cipher_list(ctx,cipher_list);
. I was now naively thinking that the order of preference is as specified inside the cipher_list beginning with the highest and ending with the lowest.
But the ssl-server test at https://globalsign.ssllabs.com/analyze.html keeps telling me that the server has no preference (see -> https://i.postimg.cc/hvNhfyws/Selection_001.png). Just to be clear, there is no problem with the ciphers, only with their preference order, which seems not to be specified.
I've checked OpenSSL "doc", but I could not find anything explicit about SSL_CTX_set_cipher_list and preference order.
So how can I specify the order of preference?
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
