This page looks best with JavaScript enabled

Enabling old TLS / SSL ciphers in OpenSSL

 ·  ☕ 1 min read  ·  ✍️ suidroot

I was reminded of this tip during the CTF at a recent DC207 meetup. This config change is needed on machines with modern versions of OpenSSL that have disabled the older ciphers. The issue is that the old TLS, SSL and associated cipher suites have become insecure and support is subsequently dropped in OpenSSL.

For a workaround to this, you can edit the following lines at the bottom of /etc/ssl/openssl.cnf

[system_default_sect]
 MinProtocol = TLSv1
 CipherString = DEFAULT@SECLEVEL=1

It may be required to comment out similar lines in the config if they already exist.

Share on

Ben Mason
WRITTEN BY
suidroot
Computer Security – Reverse Engineering – Malware – Electronics Hobbyist – Sometimes Photographer – Spaceflight – Cat Enthusiast