[Ach] Thanks for the Logjam blog-post

Axel Hübl axel.huebl at web.de
Thu May 21 14:06:55 CEST 2015


On 21.05.2015 14:01, Max Maass wrote:
> It does indeed not work on Linux:
> $ openssl s_client -connect bettercrypto.org:443 -cipher "DHE"
> error setting cipher list
> 140323196081824:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
> cipher match:ssl_lib.c:1314:
> 
> (Using Ubuntu Server 14.04.2 and other Ubuntu-derivates)
> 
> Was wondering about that when I tried it, would be interested in what
> the correct commands would be on those systems to check my own servers.
> 
> Max
> 
> On 21.05.2015 13:33, Pepi Zawodsky wrote:
>> Hoi!
> 
>>> On 21 May 2015, at 12:01, L. Aaron Kaplan <kaplan at cert.at>
>>> wrote:
>>>
>>> https://bettercrypto.org/blog/2015/05/20/tls-logjam/
>>>
>>> Thanks Pepi, nice testing instructions!
>> Thanks, and thanks to Azet for checking my writing! Hadn’t had a
>> chance to test on Linux yet, got a message that it wouldn’t work
>> there. No idea why it wouldn’t but couldn’t test yet. If noone can
>> give it a quick copy/paste test I’ll hopefully get to it in the
>> late afternoon. (I’m surrounded by BSDs here. :-) )
> 
> 
>>> Great write-up (in german) by Hanno as well:
>>> http://www.golem.de/news/logjam-angriff-schwaeche-im-tls-verfahren-gefaehrdet-zehtausende-webseiten-1505-114161.html
> 
>>>
> It’s in the links on the better crypto site and I agree, great article.
> 
> 
>> Best regards Pepi

for me

  openssl s_client -connect bettercrypto.org:443 -cipher "EDH"

and

  openssl s_client -connect bettercrypto.org:443 -cipher "DH"

seem to work on linux.

openssl version
OpenSSL 1.0.1k 8 Jan 2015

Axel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150521/026cc289/attachment.sig>


More information about the Ach mailing list