enabling null cipher

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

enabling null cipher

vishwaskn
Hello All,

Could someone please let me know what is the right way to enable null-ciphers in openssl. I want to do some performance evaluations with openssl and as a part of the exercise, want to tabulate performance with null encryption ciphers too.

Want to get this working with openssl s_server to begin with.

I have come across various answers where people have suggested:
1. specify the cipher list using SSL_CTX_set_cipher_list with cipher list being only eNULL.
2. SSL_CTX_set_security_level with level=0.
Have tried doing this from the client side but to no avail.

On the server side, I have added -cipher "COMPLEMENTOFALL" to s_server to add the null ciphers.

Is there a config option that needs to be enabled or a code change to go with ?

thanks,
-vishwas.
Reply | Threaded
Open this post in threaded view
|

Re: enabling null cipher

Matt Caswell-2
This should do it:

openssl s_server -cert /path/to/cert -key /path/to/key -cipher
eNULL@SECLEVEL=0 -no_tls1_3

From the client side:

openssl s_client -cipher eNULL@SECLEVEL=0

Matt



On 27/08/2020 05:32, vishwas k.n. wrote:

> Hello All,
>
> Could someone please let me know what is the right way to enable
> null-ciphers in openssl. I want to do some performance evaluations with
> openssl and as a part of the exercise, want to tabulate performance with
> null encryption ciphers too.
>
> Want to get this working with openssl s_server to begin with.
>
> I have come across various answers where people have suggested:
> 1. specify the cipher list using SSL_CTX_set_cipher_list with cipher
> list being only eNULL.
> 2. SSL_CTX_set_security_level with level=0.
> Have tried doing this from the client side but to no avail.
>
> On the server side, I have added -cipher "COMPLEMENTOFALL" to s_server
> to add the null ciphers.
>
> Is there a config option that needs to be enabled or a code change to go
> with ?
>
> thanks,
> -vishwas.