Using specific cipher for SSL/TLS in boost::asio

I am implementing mutual authentication where the server uses Node.js while the client uses boost::asio. I was trying to work around it by specifying a specific cipher and a specific TLS version. I can force it to use the specific TLS version, but how can I force boost::asio to work with specific ciphers? Here is my implementation code:

context_ptr ctx = websocketpp::lib::make_shared<boost::asio::ssl::context>(
    websocketpp::lib::asio::ssl::context::tlsv12_client);
try {
    ctx->set_options(boost::asio::ssl::context::default_workarounds |
                     boost::asio::ssl::context::no_sslv2 |
                     boost::asio::ssl::context::single_dh_use);
    ctx->set_verify_mode(boost::asio::ssl::context::verify_peer |
                         boost::asio::ssl::context::verify_fail_if_no_peer_cert);
    ctx->load_verify_file("ca_server.pem");
} catch (std::exception& e) {
    std::cout << "Exception " << e.what() << std::endl;
}
SSL_set_cipher_list(ctx->native_handle(), "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
ctx->use_certificate_file("client.pem",
                          boost::asio::ssl::context::file_format::pem);
ctx->use_private_key_file("client.key",
                          boost::asio::ssl::context::file_format::pem);

As you can see, I want to use the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher for authentication. Can anyone tell me what I should do to force it to use the specific cipher?

Note: My implementation of SSL_set_cipher_list(ctx->native_handle(), "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); is wrong. So how can I make this work?

Prashant Dey asked Aug 31 '25 05:08


1 Answer

After seeing the comment from @ottomeister, I realized that I was working on an SSL context while I was using an SSL connection. So I used SSL_CTX_set_cipher_list instead of SSL_set_cipher_list, and it worked.

Prashant Dey answered Sep 02 '25 19:09