KX Community


  • SSL_CIPHER_LIST RESET ciphers configured.

    Posted by kpc on February 3, 2023 at 12:00 am

    Hello Team

    I wanted to remove the weak ciphers configured using SSL_CIPHER_LIST to avoid vulnerabilities. I tried exporting the parameter (SSL_CIPHER_LIST), but I am getting the same set of ciphers that was configured earlier after a restart.

    Can someone please help me?

     

    Thanks in advance.

  • 3 Replies
  • rocuinneagain

    Member
    February 3, 2023 at 12:00 am

    I see 31 by default on my machine, but by exporting the variable I see I can control it down to 3.

    https://code.kx.com/q/kb/ssl/#tls-cipher-list

    $ q
    KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems
    q)count ":" vs string (-26!)[]`SSL_CIPHER_LIST
    31
    $ export SSL_CIPHER_LIST="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
    $ q
    KDB+ 4.0 2021.07.12 Copyright (C) 1993-2021 Kx Systems
    q)count ":" vs string (-26!)[]`SSL_CIPHER_LIST
    3

    Can you replicate this on your system?

  • kpc

    Member
    February 19, 2023 at 12:00 am

    After updating the cipher list with the one I have, I am getting an error:
    SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:
    '2023.02.19T20:28:44.616 failed to load TLS certificates

    Could you please help me?

  • rocuinneagain

    Member
    March 14, 2023 at 12:00 am

    Are all the ciphers you added available on the machine?

    Are they all contained in:

    /usr/bin/openssl ciphers -v
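
The check suggested in the last reply can be scripted. The following is an added example, not code from the thread or from KX: the function name `missing_ciphers` and the sample data are constructed for illustration, and it assumes the list contains explicit cipher names separated by colons, as in the thread.

```shell
#!/bin/sh
# Added example: list the names in a colon-separated cipher list that do not
# appear in `openssl ciphers -v` style output.
# Assumption: the list holds explicit cipher names (not keywords like HIGH).

# missing_ciphers WANTED AVAILABLE
#   WANTED     colon-separated names, e.g. the value of SSL_CIPHER_LIST
#   AVAILABLE  text in `openssl ciphers -v` format (cipher name in column 1)
# Prints each unavailable name on its own line; returns 1 if any are missing.
missing_ciphers() {
    _mc_avail=$(printf '%s\n' "$2" | awk 'NF { print $1 }')
    _mc_missing=$(printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r _mc_name; do
        case $_mc_name in
            ''|'!'*|-*|+*|@*) continue ;;   # empty entry or cipher-string operator
        esac
        # -x -F: exact whole-line match, so a partial name never counts
        printf '%s\n' "$_mc_avail" | grep -qxF -- "$_mc_name" ||
            printf '%s\n' "$_mc_name"
    done)
    [ -z "$_mc_missing" ] && return 0
    printf '%s\n' "$_mc_missing"
    return 1
}

# Constructed sample in `openssl ciphers -v` format (not real host output).
SAMPLE_AVAILABLE='TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD'

# Constructed candidate list; the middle name is absent from the sample above.
SAMPLE_WANTED="TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256"

if ! missing_ciphers "$SAMPLE_WANTED" "$SAMPLE_AVAILABLE"; then
    echo "the names above are not offered by this OpenSSL build" >&2
fi

# On a real host:
#   missing_ciphers "$SSL_CIPHER_LIST" "$(/usr/bin/openssl ciphers -v)"
```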
