LinuxQuestions.org
Old 03-18-2013, 10:39 AM   #1
markseger
How do you change cipher list order with openssl cipher command?


I just discovered this and according to what I'm reading you can use this to change the order a client requests ciphers in.

After displaying the current order of my cipher list with the command

Code:
ubuntu@server-1359495587-az-2-region-a-geo-1:~$ openssl ciphers

I finally figured out the syntax to change the cipher order, at least I think I did, because until I put a space after the plus sign, I got errors:

Code:
ubuntu@server-1359495587-az-2-region-a-geo-1:~$ openssl ciphers + ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384

But after I run the command, the cipher list order is still the same. Can someone help and/or clarify exactly what the point of this command is? Maybe I've misunderstood what it does.

-mark
 
Old 03-20-2013, 04:45 AM   #2
acid_kewpie
The + there is doing nothing at all. What you're doing there is asking for a list of ciphers that match "ECDHE-RSA-AES256-GCM-SHA384", which is obviously just one. Compared to...

Code:
openssl ciphers MD5
ADH-RC4-MD5:EXP-ADH-RC4-MD5:EXP-RC2-CBC-MD5:RC4-MD5:EXP-RC4-MD5:NULL-MD5:DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5

which lists all ciphers using MD5, and also...

Code:
openssl ciphers MD5+3DES
DES-CBC3-MD5

listing all ciphers with MD5 and 3DES.

You can't change the default order of those ciphers; you arrange your preferred cipher list as you see fit:

Code:
openssl ciphers HIGH:MEDIUM
ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5

openssl ciphers MEDIUM:HIGH
ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5

So you can see there the order is different as the matching terms are in a different order.
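
The point made in the answer above, as an added example that is not from either poster: `openssl ciphers` only prints what a cipher string expands to, so the order is changed by writing a different string and handing that string to the program that negotiates TLS. The helper names (`rank_of`, `same_members`, `expand`) are hypothetical, the two sample lists are the outputs quoted in the answer, and the live check at the end assumes a local `openssl` binary.

```shell
#!/bin/sh
# Added example: compare what different cipher strings expand to.

# Outputs quoted in the answer above (from the poster's 2013 OpenSSL build).
HIGH_MEDIUM='ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5'
MEDIUM_HIGH='ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5'

# rank_of LIST NAME: 1-based position of NAME in a colon-separated LIST, 0 if absent.
rank_of() {
    printf '%s\n' "$1" | tr ':' '\n' |
        awk -v n="$2" '$0 == n { print NR; found = 1; exit } END { if (!found) print 0 }'
}

# same_members A B: succeeds when both lists hold the same ciphers in any order.
same_members() {
    [ "$(printf '%s\n' "$1" | tr ':' '\n' | sort -u)" = \
      "$(printf '%s\n' "$2" | tr ':' '\n' | sort -u)" ]
}

# expand STRING: expand a cipher string with the local openssl. Newer builds
# print TLS 1.3 suites (TLS_*) first; they are configured separately, so drop them.
expand() {
    openssl ciphers "$1" 2>/dev/null | tr ':' '\n' | grep -v '^TLS_' | paste -sd: -
}

# Same ciphers, different preference order, purely because the string differs.
if same_members "$HIGH_MEDIUM" "$MEDIUM_HIGH"; then
    c=DHE-RSA-AES256-SHA
    echo "same set; $c is #$(rank_of "$HIGH_MEDIUM" "$c") in HIGH:MEDIUM," \
         "#$(rank_of "$MEDIUM_HIGH" "$c") in MEDIUM:HIGH"
fi

# Live check: naming the cipher first in the string moves it to the front.
# Nothing is saved anywhere; the string must be given to the TLS program itself.
if command -v openssl >/dev/null 2>&1; then
    want=ECDHE-RSA-AES256-GCM-SHA384
    for s in 'HIGH:MEDIUM' "$want:HIGH:MEDIUM"; do
        echo "$s -> $want at position $(rank_of "$(expand "$s")" "$want")"
    done
fi
```

A position of 0 in the live check means the local build does not offer that cipher for the given string.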
 
  

