Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Openssl cipher strength
Special Forums Cybersecurity Openssl cipher strength Post 302759981 by hydrashok158 on Wednesday 23rd of January 2013 07:24:58 AM
Old 01-23-2013
Openssl cipher strength
I have read the forums for strengthing the openssl ciphers on a server and the following command I can run:

openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH'
I have some services that cannot be set to higher levels like you can set in an httpd.conf file. My questions is that if I run that command on a server does that change the default openssl setting permanently? does it change it for a session? Or am I just getting a list of ciphers?

 

7 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Password safe encryption strength

I'm not sure if this is the right forum for this or not but we use a program called "Password Safe" to store the many root passwords we have for our Unix system. Now we are being called out by our security team to prove that this is a safe program to use. So far I have been able to determine... (1 Reply)
Discussion started by: keelba
1 Replies

2. UNIX for Dummies Questions & Answers

cipher scp question

Hi, At the moment there are two ciphers available on our unix box (aix 5.1)...aes256 and 3des. Can somebody tell how can use a different cipher (aes128 one that use less cpu and is faster). How do i install this. How can i see wich ciphers are available. In the config file of ssh2 the folowwing... (0 Replies)
Discussion started by: lennyxx
0 Replies

3. Cybersecurity

Periodic check of user password strength

I need to periodically run a check on the passwords of the users (Redhat 5.0) to verify that all passwords meet minimal standards. I remember seeing a script years ago that grabbed the encrypted passwords from the file and checked if they matched any of the encrypted strings in another file, plus... (1 Reply)
Discussion started by: tlynnch
1 Replies

4. UNIX for Dummies Questions & Answers

Check password strength

For moderator: I made a new thread in a proper part of the forum now https://www.unix.com/homework-coursework-questions/137119-user-processes.html But now i wan't to make something which isn't related to a homework, so i hope you won't close this one. Thanks to those two answers, you helped me!... (9 Replies)
Discussion started by: petel1
9 Replies

5. AIX

How to find TX and RX strength?

I have an AIX server running 6.1. My SAN switch is reporting that it is only receiving 5.9 uWatts (micro watts) and it should be well over 100 uWatts. How can I see the transmit strength of my fiber card from within AIX? I have Emulex fiber cards. (1 Reply)
Discussion started by: kah00na
1 Replies

6. Shell Programming and Scripting

ssh unkown cipher type error

Hello everyone, I am attempting to execute a script through SSH and am getting "unkown cipher type error".... Here is my command: ssh paydvopl02 -c '"/home/jpassema/test.sh 1"' and the actual error message : Unknown cipher type '"/home/jpassema/test.sh 1"' the test.sh script is... (6 Replies)
Discussion started by: jimmy75_13
6 Replies

7. Solaris

Cipher issue on Solaris 11.4

Hi, Our most of servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it can not jump fro 11.2 to 11.4 in one go. After upgrading, I can not login to server with SecureCRT and it through error key exchange failed: cipher... (1 Reply)
Discussion started by: solaris_1977
1 Replies

LEARN ABOUT CENTOS

ssl_cipher_description

SSL_CIPHER_get_name(3)						      OpenSSL						    SSL_CIPHER_get_name(3)

NAME

       SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties

SYNOPSIS

	#include <openssl/ssl.h>

	const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
	int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
	char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
	char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);

DESCRIPTION

       SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the argument is the NULL pointer, a pointer to the constant value "NONE"
       is returned.

       SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. If alg_bits is not NULL, it contains the number of bits processed
       by the chosen algorithm. If cipher is NULL, 0 is returned.

       SSL_CIPHER_get_version() returns the protocol version for cipher, currently "SSLv2", "SSLv3", or "TLSv1". If cipher is NULL, "(NONE)" is
       returned.

       SSL_CIPHER_description() returns a textual description of the cipher used into the buffer buf of length len provided. len must be at least
       128 bytes, otherwise a pointer to the string "Buffer too small" is returned. If buf is NULL, a buffer of 128 bytes is allocated using
       OPENSSL_malloc(). If the allocation fails, a pointer to the string "OPENSSL_malloc Error" is returned.

NOTES

       The number of bits processed can be different from the secret bits. An export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The
       algorithm does use the full 128 bits (which would be returned for alg_bits), of which however 88bits are fixed. The search space is hence
       only 40 bits.

       The string returned by SSL_CIPHER_description() in case of success consists of cleartext information separated by one or more blanks in the
       following sequence:

       <ciphername>
	   Textual representation of the cipher name.

       <protocol version>
	   Protocol version: SSLv2, SSLv3. The TLSv1 ciphers are flagged with SSLv3.

       Kx=<key exchange>
	   Key exchange method: RSA (for export ciphers as RSA(512) or RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)), DH/RSA, DH/DSS,
	   Fortezza.

       Au=<authentication>
	   Authentication method: RSA, DSS, DH, None. None is the representation of anonymous ciphers.

       Enc=<symmetric encryption method>
	   Encryption method with number of secret bits: DES(40), DES(56), 3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56),
	   RC2(128), IDEA(128), Fortezza, None.

       Mac=<message authentication code>
	   Message digest: MD5, SHA1.

       <export flag>
	   If the cipher is flagged exportable with respect to old US crypto regulations, the word "export" is printed.

EXAMPLES

       Some examples for the output of SSL_CIPHER_description():

	EDH-RSA-DES-CBC3-SHA	SSLv3 Kx=DH	  Au=RSA  Enc=3DES(168) Mac=SHA1
	EDH-DSS-DES-CBC3-SHA	SSLv3 Kx=DH	  Au=DSS  Enc=3DES(168) Mac=SHA1
	RC4-MD5 		SSLv3 Kx=RSA	  Au=RSA  Enc=RC4(128)	Mac=MD5
	EXP-RC4-MD5		SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)	Mac=MD5  export

BUGS

       If SSL_CIPHER_description() is called with cipher being NULL, the library crashes.

       If SSL_CIPHER_description() cannot handle a built-in cipher, the according description of the cipher property is unknown. This case should
       not occur.

RETURN VALUES

       See DESCRIPTION

SEE ALSO

       ssl(3), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1)

1.0.1e								    2013-02-11						    SSL_CIPHER_get_name(3)
All times are GMT -4. The time now is 03:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy