Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-18-2013, 11:39 AM   #1
Registered: Jul 2003
Posts: 242

Rep: Reputation: 26
How do you change cipher list order with openssl cipher command?

I just discovered this and according to what I'm reading you can use this to change the order a client requests ciphers in.

After displaying the current order of my cipher list with the command

ubuntu@server-1359495587-az-2-region-a-geo-1:~$ openssl ciphers
I finally figured out the syntax to change the cipher order, at least I think I did because until I put a space after the plus sigh, I got errors:

ubuntu@server-1359495587-az-2-region-a-geo-1:~$ openssl ciphers + ECDHE-RSA-AES256-GCM-SHA384
but after I run the command the cipher list order is still the same. can someone help and/or clarify exactly what the point of this command is? maybe I've misunderstood what it does

Old 03-20-2013, 05:45 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971
the + there is doing nothing at all. What you're doing there is asking for a list of ciphers that match "ECDHE-RSA-AES256-GCM-SHA384" which is obviously just one. Compared to...

openssl ciphers MD5
which lists all ciphers using MD5, and also...

openssl ciphers MD5+3DES
listing all ciphers with MD5 and 3DES.

you can't change the default order of those ciphers, you arrange your preferred cipher list as you see fit:

openssl ciphers HIGH:MEDIUM

openssl ciphers MEDIUM:HIGH
So you can see there the order is different as the matching terms are in a different order.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Affine Cipher Gato Azul Programming 3 02-01-2013 02:47 PM
[SOLVED] Possible to remotely list supported cipher suites? szboardstretcher Linux - Security 4 11-30-2011 03:37 PM
C++ Vigenere cipher robertodb Programming 6 09-20-2011 12:07 PM
cipher code examples raevin Programming 6 07-04-2011 08:36 AM
Cipher all data xanax Linux - Security 9 12-10-2006 03:35 AM

All times are GMT -5. The time now is 01:58 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration