Hello Team
I wanted to remove weak ciphers configured using SSL_CIPHER_LIST to avoid vulnerabilities. I tried exporting the parameter using ( SSL_CIPHER_LIST ) getting same set of ciphers configured earlier post restart.
Can someone please help me?
Thanks in advance.
I see 31 by default on my machine but exporting the variable I see I can control it down to 3
https://code.kx.com/q/kb/ssl/#tls-cipher-list
$ q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems q)count “:” vs string (-26!)SSL_CIPHER_LIST 31 $ export SSL_CIPHER_LIST="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" $ q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems q)count ":" vs string (-26!)[]SSL_CIPHER_LIST 3
Can you replicate this on your system?
After updating Ciphers list with the one I have, I am getting error
SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:
'2023.02.19T20:28:44.616 failed to load TLS certificates
Could you please help me.
Are all the ciphers you added available on the machine?
Are they all contained in:
/usr/bin/openssl ciphers -v