How to control ciphers used by SSL?

Liam Proven lproven at gmail.com
Wed Jan 22 18:06:27 UTC 2020


On Wed, 22 Jan 2020 at 18:44, stan <stanb at panix.com> wrote:
>
> I thnk we are dealing with OpenSSL, not Opnessh here. We are not ssh'ing
> in, we are using the API shich is on another port, 8427 if I recall
> coreclty.

Oh dear. That will teach me to read a question more carefully before
doing a hasty answer from work. Sorry.

I am not sure that you can individually manage or tweak protocol
versions, but I do not know for sure.

Also, AIUI there was a significant version upgrade after the famous Heartbleed:
https://en.wikipedia.org/wiki/Heartbleed

Do your older devices predate that?

If so, as per this answer:
https://askubuntu.com/questions/1059801/how-to-properly-downgrade-openssl-version-under-ubuntu-18-04?rq=1

I'd agree with the comment:

«
You should avoid attempting to downgrade OpenSSL, and use a VM or a
container with an older OS for things where you need to use the older
OpenSSL versions.
»

I.e. as per my older, albeit misguided, answer, try to isolate an
older LTS version of Ubuntu that works, and maybe run it in a
dedicated container -- LXD could be good for this, maybe -- just for
those devices.

-- 
Liam Proven - Profile: https://about.me/liamproven
Email: lproven at cix.co.uk - Google Mail/Hangouts/Plus: lproven at gmail.com
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053




More information about the ubuntu-users mailing list