SSL_CIPHER_LIST RESET ciphers configured.

https://learninghub.kx.com/forums/topic/ssl_cipher_list-reset-ciphers-configured

Hello Team

I wanted to remove weak ciphers configured using SSL_CIPHER_LIST to avoid vulnerabilities. I tried exporting the parameter using (SSL_CIPHER_LIST) getting same set of ciphers configured earlier post restart.

Can someone please help me?

 

Thanks in advance.

Are all the ciphers you added available on the machine?

Are they all contained in:

/usr/bin/openssl ciphers -v

After updating Ciphers list with the one I have, I am getting error
SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:
'2023.02.19T20:28:44.616 failed to load TLS certificates

Could you please help me.

I see 31 by default on my machine but exporting the variable I see I can control it down to 3

https://code.kx.com/q/kb/ssl/#tls-cipher-list

$ q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems 
q)count ":" vs string (-26!)[]`SSL_CIPHER_LIST 
31 
$ export SSL_CIPHER_LIST="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" $ 
q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems 
q)count ":" vs string (-26!)[]`SSL_CIPHER_LIST 
3

Can you replicate this on your system?