Hello,
I am using OpenSSL (1.*) with Ngircd to enforce SSL connections. Is there a possibility that I can enforce certain ciphers or disable certain weak ciphers? The default config allow 56 bits ciphers:
SSLv3:RC4-MD5 - ENABLED - STRONG 128 bits SSLv3:DES-CBC3-SHA - ENABLED - STRONG 168 bits SSLv3:CAMELLIA128-SHA - ENABLED - STRONG 128 bits SSLv3:RC4-SHA - ENABLED - STRONG 128 bits SSLv3:SEED-SHA - ENABLED - STRONG 128 bits SSLv3:CAMELLIA256-SHA - ENABLED - STRONG 256 bits ** SSLv3:DES-CBC-SHA - ENABLED - WEAK 56 bits ** SSLv3:AES128-SHA - ENABLED - STRONG 128 bits SSLv3:AES256-SHA - ENABLED - STRONG 256 bits Error 20: unable to get local issuer certificate
TLSv1:RC4-MD5 - ENABLED - STRONG 128 bits TLSv1:DES-CBC3-SHA - ENABLED - STRONG 168 bits TLSv1:CAMELLIA128-SHA - ENABLED - STRONG 128 bits TLSv1:RC4-SHA - ENABLED - STRONG 128 bits TLSv1:SEED-SHA - ENABLED - STRONG 128 bits TLSv1:CAMELLIA256-SHA - ENABLED - STRONG 256 bits ** TLSv1:DES-CBC-SHA - ENABLED - WEAK 56 bits ** TLSv1:AES128-SHA - ENABLED - STRONG 128 bits TLSv1:AES256-SHA - ENABLED - STRONG 256 bits
Regards,
Michiel