Disable EXPORT cipher suites during compilation

Disable EXPORT cipher suites during compilation

pratyush parimal
Hi everyone,

I am trying to disable the EXPORT ciphers in my OpenSSL code, during compile-time.

I'm able to do so at runtime by including '!EXP' in the string I use with SSL_CTX_set_cipher_list(). However, I'm wondering is there an option (like 'no-rc5') that I can pass to Configure?

./Configure --help says that I can use no-<cipher> to disable stuff, so I used no-exp, but I think that didn't work since the list of ciphers I get from SSL_get_ciphers() still includes EXP-... ciphers.

So does anyone know of a way to compile them out?

Thanks,
Pratyush

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Disable EXPORT cipher suites during compilation

Wayming Zhang
Hi Pratyush,

Had a quick search in the source, seems like "no-exp" doesn't change anything. OPENSSL_NO_EXP is defined (by opensslconf.h) when "no-exp" is specified with Configuration command, however, it is not used at all.

Regards
Way

On 17/07/15 03:19, pratyush parimal wrote:
Hi everyone,

I am trying to disable the EXPORT ciphers in my OpenSSL code, during compile-time.

I'm able to do so at runtime by including '!EXP' in the string I use with SSL_CTX_set_cipher_list(). However, I'm wondering is there an option (like 'no-rc5') that I can pass to Configure?

./Configure --help says that I can use no-<cipher> to disable stuff, so I used no-exp, but I think that didn't work since the list of ciphers I get from SSL_get_ciphers() still includes EXP-... ciphers.

So does anyone know of a way to compile them out?

Thanks,
Pratyush


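Since the thread ends with the runtime '!EXP' filter as the working control, here is an added example (not code from either poster or from the OpenSSL project) that checks the filter took effect by listing the enabled suites and failing if any EXP-named one remains. It uses Python's ssl module rather than the C API; the helper names, the "DEFAULT:!EXP" string and the sample list are assumptions made for illustration.

```python
import ssl


def export_suites(cipher_names):
    """Return the names that look export-grade, i.e. carry the EXP prefix
    seen in the thread's "EXP-..." names (a name-based check: assumption)."""
    return sorted(n for n in cipher_names if n.upper().startswith("EXP"))


def enabled_ciphers(cipher_string):
    """Names a context enables once the cipher string is applied, the Python
    counterpart of SSL_CTX_set_cipher_list() followed by SSL_get_ciphers()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Export-grade suites still enabled under cipher_string ([] is a pass)."""
    return export_suites(enabled_ciphers(cipher_string))


# Constructed sample: a list such as an old build might report with no filter.
SAMPLE_UNFILTERED = [
    "AES128-SHA",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "EXP-EDH-RSA-DES-CBC-SHA",
]

if __name__ == "__main__":
    print("sample:", export_suites(SAMPLE_UNFILTERED))
    leftovers = audit("DEFAULT:!EXP")
    print("live:", leftovers or "no EXP suites enabled")
    # Non-zero exit lets a build or deployment pipeline fail on a regression.
    raise SystemExit(1 if leftovers else 0)
```

Run as a script, it exits non-zero when the linked OpenSSL still enables an EXP suite under the given cipher string.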