<div dir="ltr"><div>Hi Andrew,</div><div><br></div><div>Thanks for the answer. I believe that you are suggesting that these parameters are passed through to the underlying ssl as command line parameters. </div><div>I tried all possible alternatives that I was able to find online (-, camel case, lower case underscore separated) but I am always getting the same error </div><div><span class="gmail-Apple-converted-space"> </span>*unknown command "ciphersuites" in "conf_commands"<br></div><div><span class="gmail-Apple-converted-space"> </span>*unknown command "-ciphersuites" in "conf_commands"<br></div><div><span class="gmail-Apple-converted-space"> </span>*unknown command "ciphers" in "conf_commands"<br></div><div><div><span class="gmail-Apple-converted-space"> </span>*unknown command "-ciphers" in "conf_commands"<br></div><br class="gmail-Apple-interchange-newline"></div><div>Anyone else in the community that managed to get this config working please?</div><div>My openssl version is : OpenSSL 1.0.2k-fips 26 Jan 2017</div><div><br></div><div>Thanks</div><div>AG</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 7 Oct 2024 at 15:19, Andrew Clayton <<a href="mailto:andrew@digital-domain.net">andrew@digital-domain.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">On Mon, 7 Oct 2024 10:22:03 +0200<br>
Ariel Goyeneche <<a href="mailto:agoyeneche@gmail.com" target="_blank">agoyeneche@gmail.com</a>> wrote:<br>
<br>
> Hi Team,<br>
<br>
Hello,<br>
<br>
[...]<br>
<br>
> *Issue*<br>
> When I am trying to add the following option:<br>
> <br>
>     "tls": {<br>
>         "certificate": "bundle",<br>
>         "conf_commands": {<br>
>             "ciphersuites": "ECDHE-RSA-AES256-GCM-SHA384",<br>
>             "minprotocol": "TLSv1.2"<br>
>         }<br>
>     }<br>
> I get an error saying: *unknown command "ciphersuites" in "conf_commands"<br>
> option (386: unknown cmd name)*<br>
<br>
Hmm, looking at the SSL_CONF_cmd(3ossl) man-page, I'm wondering if you<br>
simply need to prefix the command with "-"?, i.e.<br>
<br>
  "-ciphersuites": ...<br>
<br>
'minprotocol' however looks a little different...<br>
<br>
  "MinProtocol": ...<br>
<br>
Hope that helps...<br>
<br>
Cheers,<br>
Andrew<br>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">Ariel Goyeneche<br><a href="http://www.goyeneche.co.uk" target="_blank">www.goyeneche.co.uk</a><br></div></div>