libressl / portable

LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
https://www.libressl.org

Is the -no_ecdhe option for s_server working as intended? #652

Open sayrer opened 3 years ago

sayrer commented 3 years ago

It looks like it prevents loading curve files, but does it prevent negotiating ECDHE cipher suites?

kinichiro commented 3 years ago

Hi, could you explain how you use s_server and s_client, and what output you expect?

4a6f656c commented 3 years ago

Both the -no_dhe and -no_ecdhe options to s_server are based on old behaviour in libssl, which has since changed or been disabled (originally, to use DHE/ECDHE you had to set up various parameters - these options prevented that setup). Both of these are no longer useful and should be removed/deprecated.

If you need this behaviour the simplest option is to use !DHE or !ECDHE in your cipher string (e.g. openssl s_server ... -cipher HIGH:!ECDHE or openssl ciphers -v HIGH:!DHE:!ECDHE).
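The cipher-string approach above can be verified mechanically, which is what an interop test suite wants: run `openssl ciphers -v` with the string under test and confirm that no suite with an ECDH or DH key exchange survives. The following is an added example (not code from the LibreSSL project or from anyone in this thread) that parses the `Kx=` field of `openssl ciphers -v` output and reports any ephemeral-key-exchange suites that slipped through. The sample output embedded below is constructed, not captured from a real build; the `run_openssl_ciphers` helper and all function names are assumptions of this example.

```python
import shutil
import subprocess
from dataclasses import dataclass

# Constructed sample of `openssl ciphers -v` output (not captured from a real
# LibreSSL build). The column layout mirrors what libssl prints:
#   NAME VERSION Kx=... Au=... Enc=... Mac=...
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256)       Mac=AEAD
DHE-RSA-AES256-GCM-SHA384     TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(256)       Mac=AEAD
AES256-GCM-SHA384             TLSv1.2 Kx=RSA  Au=RSA   Enc=AESGCM(256)       Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
"""

# Key-exchange labels that mean an ephemeral (EC)DH handshake.
EPHEMERAL_KX = {"ECDH", "DH"}


@dataclass
class CipherSuite:
    name: str
    version: str
    kx: str
    au: str
    enc: str
    mac: str


def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` output into CipherSuite records."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # blank or malformed line
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        suites.append(CipherSuite(
            name=fields[0],
            version=fields[1],
            kx=attrs.get("Kx", ""),
            au=attrs.get("Au", ""),
            enc=attrs.get("Enc", ""),
            mac=attrs.get("Mac", ""),
        ))
    return suites


def ephemeral_suites(suites, forbid_ecdhe=True, forbid_dhe=True):
    """Return the suites whose key exchange is one the caller wanted excluded.

    An empty result means the cipher string really did drop ECDHE/DHE, which is
    the property the -no_ecdhe / -no_dhe flags no longer guarantee.
    """
    banned = set()
    if forbid_ecdhe:
        banned.add("ECDH")
    if forbid_dhe:
        banned.add("DH")
    return [s for s in suites if s.kx in banned]


def run_openssl_ciphers(cipher_string):
    """Run the real `openssl ciphers -v <string>` if an openssl binary exists.

    Hypothetical helper for use inside an interop test; returns None when no
    openssl is on PATH so the offline parsing path above still works.
    """
    if shutil.which("openssl") is None:
        return None
    out = subprocess.run(["openssl", "ciphers", "-v", cipher_string],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    # Offline demonstration on the constructed sample: the unfiltered list still
    # carries three ephemeral suites, so a test asserting "no ECDHE" would fail.
    suites = parse_ciphers_v(SAMPLE_CIPHERS_V)
    leaked = ephemeral_suites(suites)
    print("ephemeral suites present:", [s.name for s in leaked])

    # With a real openssl, the same check against the recommended cipher string
    # should report nothing.
    real = run_openssl_ciphers("HIGH:!DHE:!ECDHE")
    if real is not None:
        print("leaked after HIGH:!DHE:!ECDHE:",
              [s.name for s in ephemeral_suites(parse_ciphers_v(real))])
```

In a test harness the useful assertion is `ephemeral_suites(parse_ciphers_v(run_openssl_ciphers("HIGH:!ECDHE")), forbid_dhe=False) == []`; note that TLS 1.3 suites print `Kx=any` and are not affected by the `!ECDHE` keyword at all, so a check that needs to exclude them must also constrain the protocol version.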

sayrer commented 3 years ago

OK, thanks. It came up in interop testing for Rustls. We're trying to get the interop tests passing with the copy of LibreSSL that ships with macOS Big Sur. https://github.com/ctz/rustls/issues/568