KNOWLEDGE BASE

How to verify ciphers are valid with openssl


Published: 21 Oct 2021
Last Modified Date: 22 Oct 2021

Question

How to use OpenSSL to verify if cipher list is valid

Environment

  • Tableau Server 

Answer

OpenSSL can be used to validate these ciphers:

Open an administrative command prompt
Navigate to the Apache directory on Tableau Server, ( by default:  %DRIVE%\Program Files\Tableau\Tableau Server\packages\apache.<VERSIONCODE>\bin. 
Launch OpenSSL

When OpenSSL is executed, run the following command:
ciphers "CIPHER:LIST"

For example:

ciphers "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA"

 

Additional Information

If a Cipher is not valid, an error will be returned.  In the above example, a ""Error in cipher list
139841555355536:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383" is returned due to incorrect syntax.

Additionally, if these settings are incorrect. the following TSM command can be used to set the cipherlist to the Tableau Server defaults:
TSM configuration get -k ssl.ciphersuite 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES:!CAMELLIA:!IDEA:!SEED'
 
Did this article resolve the issue?