I am implementing mutual authentication where the server is using Node.js while the client is using boost::asio. I was trying to work around by putting a specific cipher and a specific TLS version. I can force it to use the specific TLS version, but how can I force boost::asio to work with specific ciphers? Here is my implementation code:
```cpp
// Fragment from the client's TLS setup; context_ptr is a shared_ptr to boost::asio::ssl::context.
context_ptr ctx = websocketpp::lib::make_shared<boost::asio::ssl::context>(
    websocketpp::lib::asio::ssl::context::tlsv12_client);
try {
    ctx->set_options(boost::asio::ssl::context::default_workarounds |
                     boost::asio::ssl::context::no_sslv2 |
                     boost::asio::ssl::context::single_dh_use);
    // Require and verify the server certificate against the CA file.
    ctx->set_verify_mode(boost::asio::ssl::context::verify_peer |
                         boost::asio::ssl::context::verify_fail_if_no_peer_cert);
    ctx->load_verify_file("ca_server.pem");
} catch (std::exception& e) {
    std::cout << "Exception " << e.what() << std::endl;
}
// Attempt to pin the cipher (this is the call the question is about).
SSL_set_cipher_list(ctx->native_handle(), "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
// Client certificate and key for mutual authentication.
ctx->use_certificate_file("client.pem",
                          boost::asio::ssl::context::file_format::pem);
ctx->use_private_key_file("client.key",
                          boost::asio::ssl::context::file_format::pem);
```
As you can see, I want to use the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher as authentication. Can anyone tell me what I should do to force it to use the specific cipher?

Note: My implementation of SSL_set_cipher_list(ctx->native_handle(), "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); is wrong. So how can I make this work?
After seeing the comment from @ottomeister, I realized that I was working on SSL context while I was using SSL connection. So I used SSL_CTX_set_cipher_list instead of SSL_set_cipher_list, and it worked.