Skip to content

Instantly share code, notes, and snippets.

@kmix

kmix/OpenSSL_Weak_Ciphers.md

Last active March 19, 2025 21:42
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kmix/fa9754c0588acde8dabb59de7f337098 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kmix/fa9754c0588acde8dabb59de7f337098 to your computer and use it in GitHub Desktop.
Download ZIP
OpenSSL w/ Weak Ciphers Enabled
Raw
OpenSSL_Weak_Ciphers.md

In order to support weak ciphers for legacy device connectivity, it may be necessary to compile OpenSSL with the enable-weak-ssl-ciphers flag enabled.

For Ubuntu systems, I've created a PPA to allow package management via APT instead of building from source on each system.

Currently, there are packages for 18.04 (Bionic Beaver), 20.04 (Focal Fossa), 22.04 (Jammy Jellyfish), ahd 24.04 (Noble Numbat):

https://launchpad.net/~kmix/+archive/ubuntu/openssl

There are instructions for adding the PPA on the Launchpad page. To hold a package at a certain version (so that a newer distribution package doesn't overwrite it), you can hold the package at a certain version:

For jammy & noble:

sudo apt-mark hold openssl
sudo apt-mark hold libssl3

For bionic & focal:

sudo apt-mark hold openssl
sudo apt-mark hold libssl1.1

You can view held packages with the showhold option:

sudo apt-mark showhold

And when ready to upgrade to a new version:

sudo apt-mark unhold openssl
sudo apt-mark unhold libssl3
sudo apt-mark unhold libssl1.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment