Ciphersuites configuration: unknown command
Ariel Goyeneche
agoyeneche at gmail.com
Tue Oct 8 08:13:17 UTC 2024
Hi Andrew,
Thanks for the answer. I believe that you are suggesting that these
parameters are passed through to the underlying ssl as command line
parameters.
I tried all possible alternatives that I was able to find online (-, camel
case, lower case underscore separated) but I am always getting the same
error
*unknown command "ciphersuites" in "conf_commands"
*unknown command "-ciphersuites" in "conf_commands"
*unknown command "ciphers" in "conf_commands"
*unknown command "-ciphers" in "conf_commands"
Anyone else in the community that managed to get this config working please?
My openssl version is : OpenSSL 1.0.2k-fips 26 Jan 2017
Thanks
AG
On Mon, 7 Oct 2024 at 15:19, Andrew Clayton <andrew at digital-domain.net>
wrote:
> On Mon, 7 Oct 2024 10:22:03 +0200
> Ariel Goyeneche <agoyeneche at gmail.com> wrote:
>
> > Hi Team,
>
> Hello,
>
> [...]
>
> > *Issue*
> > When I am trying to add the following option:
> >
> > "tls": {
> > "certificate": "bundle",
> > "conf_commands": {
> > "ciphersuites": "ECDHE-RSA-AES256-GCM-SHA384",
> > "minprotocol": "TLSv1.2"
> > }
> > }
> > I get an error saying: *unknown command "ciphersuites" in "conf_commands"
> > option (386: unknown cmd name)*
>
> Hmm, looking at the SSL_CONF_cmd(3ossl) man-page, I'm wondering if you
> simply need to prefix the command with "-"?, i.e.
>
> "-ciphersuites": ...
>
> 'minprotocol' however looks a little different...
>
> "MinProtocol": ...
>
> Hope that helps...
>
> Cheers,
> Andrew
>
--
Ariel Goyeneche
www.goyeneche.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20241008/cf677478/attachment.htm>
More information about the unit
mailing list