SSL_CIPHER_LIST RESET ciphers configured.

Hello Team

I wanted to remove weak ciphers configured using SSL_CIPHER_LIST to avoid vulnerabilities. I tried exporting the parameter using ( SSL_CIPHER_LIST ) getting same set of ciphers configured earlier post restart.

Can someone please help me?

 

Thanks in advance.

I see 31 by default on my machine but exporting the variable I see I can control it down to 3

https://code.kx.com/q/kb/ssl/#tls-cipher-list 

$ q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems q)count “:” vs string (-26!)SSL_CIPHER_LIST 31 $ export SSL_CIPHER_LIST="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" $ q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems q)count ":" vs string (-26!)[]SSL_CIPHER_LIST 3

 Can you replicate this on your system?

After updating Ciphers list with the one I have, I am getting error 
SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:
'2023.02.19T20:28:44.616 failed to load TLS certificates

Could you please help me.
 

Are all the ciphers you added available on the machine?

Are they all contained in:

/usr/bin/openssl ciphers -v