https://ben.the-collective.net/tags/openssl/ Recent content in OpenSSL on Ben's ideas and projects Hugo -- gohugo.io en locutus@the-collective.net (Ben Mason) locutus@the-collective.net (Ben Mason) ©2023, All Rights Reserved Wed, 18 Dec 2019 14:58:55 -0500 daily https://ben.the-collective.net/posts/2019-12-18-enabling-old-tls-ssl-ciphers-in-openssl/ Wed, 18 Dec 2019 14:58:55 -0500 locutus@the-collective.net (Ben Mason) Wed, 18 Dec 2019 14:58:55 -0500 https://ben.the-collective.net/posts/2019-12-18-enabling-old-tls-ssl-ciphers-in-openssl/ I was reminded of this tip during the CTF at a recent DC207 meetup. This config change is needed on machines with modern versions of OpenSSL that have disabled the older ciphers. The issue is that the old TLS, SSL and associated cipher suites have become insecure and support is subsequently dropped in OpenSSL. For a workaround to this, you can edit the following lines at the bottom of /etc/ssl/openssl.cnf <p>I was reminded of this tip during the CTF at a recent DC207 meetup. This config change is needed on machines with modern versions of OpenSSL that have disabled the older ciphers. The issue is that the old TLS, SSL and associated cipher suites have become insecure and support is subsequently dropped in OpenSSL.</p> <p>For a workaround to this, you can edit the following lines at the bottom of /etc/ssl/openssl.cnf</p> <pre tabindex="0"><code>[system_default_sect] MinProtocol = TLSv1 CipherString = DEFAULT@SECLEVEL=1 </code></pre><p>It may be required to comment out similar lines in the config if they already exist.</p> suidroot Kali Linux linux OpenSSL Security