Environment variable to change cipher for openssl

Question

I want to use a particular cipher for a HTTPS connection. The client (phantomjs) statically links openssl. The only way to do it is using environment variables, as there are no command line arguments for doing it.

Does anyone know of the environment variable that can cause a particular cipher to be used? SSL_CIPHER doesnt seem to work.

PhantomJS has the `--ssl-ciphers` command line argument - how come this isn't sufficient? — Adam Waldenberg, Jan 10 '19 at 08:56

score 0 · Answer 1 · answered Jun 16 '20 at 08:25

You can specify ciphers in the OpenSSL config file (usually /etc/ssl/openssl.cfn). Look for a string like CipherString = DEFAULT@SECLEVEL=2 in the [system_default_sect] section and change it as you need.

P.S. If there's no such a string or even section you can add it by yourself. In Debian 10 this section looks like:

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

Environment variable to change cipher for openssl

1 Answers1