soandos

Reputation: 5146

OpenSSL 1.0.2 and error "SSL_CTX_new:library has no ciphers"

I am attempting to compile and run an example from libest (client-simple). To do that, I compiled OpenSSL on Windows, and then compiled and linked libest with that.

The problem is that when I run the program, I get error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers:

Looking at the code in the debugger, I can confirm that OPENSSL_add_all_algorithms_noconf gets called, as well as:

What might be missing/need to be configured to allow OpenSSL to find the cipher suites? If I run the openSSL.exe that I built at the same time as the .lib and .dll for openSSL, it lists many many ciphers.

The actual call that is causing the error is SSL_CTX_new(SSLv23_client_method()). But it does not change if I change the client method.

Why am I encountering the error, and how can I fix it?

Upvotes: 3

Views: 6619

Answers (2)

iammainul

Reputation: 79

I was facing the same issue with my TCP client. So, I found some code on GitHub to try and run, to check whether I was getting the same errors.

The repo link: SSL TCP-Server

After that I introduced a line in my code:

SSL_library_init();

This line solved my problem. You can find my code here: TCP Client-Server with Open SSL

Upvotes: 2
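
Added example, not code from either answer or from libest/OpenSSL: it unpacks the question's error code 140A90A1 into the library, function and reason numbers that OpenSSL 1.0.2 packs into it, so the same failure can be recognised when only the numeric form is logged. The struct and function names are hypothetical; the three constants are the values defined in the 1.0.2 headers.

```c
/* Added example: unpack an OpenSSL 1.0.2 error-queue code such as the
 * question's 140A90A1 into library / function / reason numbers. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values as defined in the OpenSSL 1.0.2 headers (err.h, ssl.h). */
#define LIB_SSL                   20   /* ERR_LIB_SSL */
#define F_SSL_CTX_NEW            169   /* SSL_F_SSL_CTX_NEW */
#define R_LIBRARY_HAS_NO_CIPHERS 161   /* SSL_R_LIBRARY_HAS_NO_CIPHERS */

struct ossl_err { unsigned long code; int lib, func, reason; };

/* Parse "error:XXXXXXXX:..." (text or numeric-only fields after the code).
 * Returns 0 on success, -1 if the line is not an error-queue line. */
int parse_ossl_error(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    char *end;
    if (p == NULL) return -1;
    p += strlen("error:");
    out->code = strtoul(p, &end, 16);
    if (end == p || (*end != ':' && *end != '\0')) return -1;
    if (out->code > 0xFFFFFFFFUL) return -1;
    /* 1.0.2 packing: 8-bit library, 12-bit function, 12-bit reason. */
    out->lib    = (int)((out->code >> 24) & 0xFF);
    out->func   = (int)((out->code >> 12) & 0xFFF);
    out->reason = (int)(out->code & 0xFFF);
    return 0;
}

/* True when the code is SSL_CTX_new failing with "library has no ciphers". */
int is_no_ciphers(const struct ossl_err *e)
{
    return e->lib == LIB_SSL && e->func == F_SSL_CTX_NEW
        && e->reason == R_LIBRARY_HAS_NO_CIPHERS;
}

int main(void)
{
    /* The error line quoted in the question. */
    const char *line =
        "error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers";
    struct ossl_err e;
    if (parse_ossl_error(line, &e) != 0) return 1;
    printf("lib=%d func=%d reason=%d no_ciphers=%d\n",
           e.lib, e.func, e.reason, is_no_ciphers(&e));
    return 0;
}
```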

jww

Reputation: 102205

You need to use TLS 1.1 or above. You probably also need Server Name Indication (SNI). SNI is enlisted with -servername below.

We need to see more of the code to tell you where the problem is/are. In the meantime, you might want to visit SSL/TLS Client on the OpenSSL wiki. (It looks like the site is going through some maintenance at the moment. Here's an archived version from the Wayback Machine).

TLS 1.2:

$ openssl s_client -connect testrfc7030.cisco.com:9443 -servername testrfc7030.cisco.com -tls1_2
...
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: B04740547F80E8F8BFC1B966D28C861F590E7ABB31202E2ED343EFDBA1A08867
    Session-ID-ctx: 
    Master-Key: C6EF3571832C482E1293E78B0410E544140182858A91DDE16FD32CF248D442673C47C902A560A541B1D6C417E35DF804
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1478031623
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no

TLS 1.1:

$ openssl s_client -connect testrfc7030.cisco.com:9443 -servername testrfc7030.cisco.com -tls1_1
...
New, SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 62324F8BE5178E801F76B4737DD9F711AC0072E885B8748BB5B8F3ED3D16C8DE
    Session-ID-ctx: 
    Master-Key: 4E44928C5E395E80AEF02533DAA0D237C58B5153CCCA16150B2DEDE361043BFB69D534F52A203084871F1683BDB241EF
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1478031773
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no

TLS 1.0:

$ openssl s_client -connect testrfc7030.cisco.com:9443 -servername testrfc7030.cisco.com -tls1
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
...
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1478031817
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

Upvotes: 2
