KX Community

Find answers, ask questions, and connect with our KX Community around the world.
KX Community Guidelines

Home Forums kdb+ SSL_CIPHER_LIST RESET ciphers configured.

  • SSL_CIPHER_LIST RESET ciphers configured.

    Posted by kpc on February 3, 2023 at 12:00 am

    Hello Team

    I wanted to remove weak ciphers configured using SSL_CIPHER_LIST to avoid vulnerabilities. I tried exporting the parameter using (SSL_CIPHER_LIST) getting same set of ciphers configured earlier post restart.

    Can someone please help me?

     

    Thanks in advance.

    kpc replied 9 months, 2 weeks ago 2 Members · 3 Replies
  • 3 Replies
  • rocuinneagain

    Member
    February 3, 2023 at 12:00 am

    I see 31 by default on my machine but exporting the variable I see I can control it down to 3

    https://code.kx.com/q/kb/ssl/#tls-cipher-list

    $ q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems 
    q)count ":" vs string (-26!)[]`SSL_CIPHER_LIST 
    31 
    $ export SSL_CIPHER_LIST="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" $ 
    q KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems 
    q)count ":" vs string (-26!)[]`SSL_CIPHER_LIST 
    3

    Can you replicate this on your system?

  • kpc

    Member
    February 19, 2023 at 12:00 am

    After updating Ciphers list with the one I have, I am getting error
    SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:
    ‘2023.02.19T20:28:44.616 failed to load TLS certificates

    Could you please help me.

  • rocuinneagain

    Member
    March 14, 2023 at 12:00 am

    Are all the ciphers you added available on the machine?

    Are they all contained in:

    /usr/bin/openssl ciphers -v

Log in to reply.