8 More Discussions You Might Find Interesting
1. Solaris
Hi,
Most of our servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it cannot jump from 11.2 to 11.4 in one go. After upgrading, I cannot log in to the server with SecureCRT and it throws the error
key exchange failed: cipher... (1 Reply)
Discussion started by: solaris_1977
2. UNIX for Advanced & Expert Users
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Discussion started by: anaigini45
3. Cybersecurity
I have read the forums for strengthening the openssl ciphers on a server and the following command I can run:
openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH'
I have some services that cannot be set to higher levels like you can set in an httpd.conf file.... (1 Reply)
Discussion started by: hydrashok158
4. Shell Programming and Scripting
Hello everyone,
I am attempting to execute a script through SSH and am getting "unknown cipher type error".... Here is my command:
ssh paydvopl02 -c '"/home/jpassema/test.sh 1"'
and the actual error message :
Unknown cipher type '"/home/jpassema/test.sh 1"'
the test.sh script is... (6 Replies)
Discussion started by: jimmy75_13
5. Solaris
Thanks to this forum, I was able to get a program running that uses SSH to control programs running on other hosts. Now I'd like to enhance it.
The control program on the target hosts occasionally needs to be updated. Updating the menu program on the source host is easy as it is on one host. ... (1 Reply)
Discussion started by: PabloCruise77
6. Shell Programming and Scripting
HI all,
I am attempting to use the scp statement in a shell script that I am writing.
I need to have the user of the script enter a password at the time of the shell script running. I have the following questions:
1) How do I disable the automatic text echo when the user is entering the... (1 Reply)
Discussion started by: Segwar
7. UNIX for Dummies Questions & Answers
Hey Guys,
I created a script where I am trying to do scp from one machine to another and then from another to another remote machine. I am having a log file also with the current date and time stamp in which I have been successful. I would like to delete the log files older than 30 days in which... (9 Replies)
Discussion started by: chris1234
8. UNIX for Dummies Questions & Answers
Hi,
I am fairly new to Unix. My school computers have only UNIX installed on them, and I wish to use them to do some parallel computing. To do so, I need to transfer the files from my Windows computer to my Unix account on a different computer.
I am using the SSH login with the Putty client.... (2 Replies)
Discussion started by: Duchesne
SSL_CTX_set_cipher_list(3SSL) OpenSSL SSL_CTX_set_cipher_list(3SSL)
NAME
SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs
SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
int SSL_set_cipher_list(SSL *ssl, const char *str);
DESCRIPTION
SSL_CTX_set_cipher_list() sets the list of available ciphers for ctx using the control string str. The format of the string is described in ciphers(1). The list of ciphers is inherited by all ssl objects created from ctx.

SSL_set_cipher_list() sets the list of ciphers only for ssl.
NOTES
The control string str should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all.

Including a cipher in the list is a necessary condition for it to be used. On the client side, inclusion in the list is also sufficient. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key.

An RSA cipher can only be chosen when an RSA certificate is available. RSA export ciphers with a key length of 512 bits for the RSA key require a temporary 512 bit RSA key, as typically the supplied key has a length of 1024 bit (see SSL_CTX_set_tmp_rsa_callback(3)). RSA ciphers using EDH need a certificate and key and additional DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

A DSA cipher can only be chosen when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with an asymmetric key length of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail.
RETURN VALUES
SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure.
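Because unrecognized items are silently ignored and failure is flagged only when nothing is collected, a mistyped exclusion leaves the suites it was meant to remove enabled without any error. The following is an added example, not part of the man page: it checks the effective list through Python's ssl module, whose SSLContext.set_ciphers() passes the string to SSL_CTX_set_cipher_list(). The rule strings are constructed and the helper names are hypothetical.

```python
import ssl

def effective_suites(rule):
    """Apply `rule`; return the TLS <= 1.2 suites OpenSSL kept, or None when
    no cipher could be collected (return value 0, raised as ssl.SSLError)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(rule)
    except ssl.SSLError:
        return None
    # TLS 1.3 suites are configured separately and are not governed by this
    # control string, so leave them out of the comparison.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def suite_names(rule):
    suites = effective_suites(rule)
    return None if suites is None else [c["name"] for c in suites]

def non_aead(rule):
    """Suites that survive `rule` and do not use an AEAD construction."""
    return [c["name"] for c in effective_suites(rule) or []
            if "Mac=AEAD" not in c["description"]]

def no_effect_items(rule):
    """Items whose removal leaves the effective list unchanged: either
    redundant or, more worryingly, mistyped and silently ignored."""
    items = rule.split(":")
    baseline = suite_names(rule)
    flagged = []
    for i, item in enumerate(items):
        rest = ":".join(items[:i] + items[i + 1:])
        if (suite_names(rest) if rest else None) == baseline:
            flagged.append(item)
    return flagged

if __name__ == "__main__":
    # Constructed rule strings: "!SHA-1" is a typo for the "!SHA1" alias.
    intended = "ECDHE+AES:!SHA1:!SHA256:!SHA384"
    mistyped = "ECDHE+AES:!SHA-1:!SHA256:!SHA384"
    print("intended, non-AEAD left:", non_aead(intended))
    print("mistyped, non-AEAD left:", non_aead(mistyped))
    print("items with no effect   :", no_effect_items(mistyped))
    print("only unknown items     :", suite_names("NOT-A-REAL-CIPHER"))
```

Running a check like `no_effect_items()` against a deployed cipher string before rollout catches the typo that the return value alone cannot.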
SEE ALSO
ssl(3), SSL_get_ciphers(3), SSL_CTX_use_certificate(3), SSL_CTX_set_tmp_rsa_callback(3), SSL_CTX_set_tmp_dh_callback(3), ciphers(1)
1.0.1e 2013-02-11 SSL_CTX_set_cipher_list(3SSL)