On Wed, Feb 04, 2004 at 02:22:49PM +0100, Jostein Tveit wrote:
> Lutz Jaenicke <[EMAIL PROTECTED]> writes:
> 
> > On Tue, Feb 03, 2004 at 08:41:23AM +0100, Jostein Tveit wrote:
> > > What exactly does the comment in ssl/ssl_lib.c mean:
> > > 
> > > /* works well for SSLv2, not so good for SSLv3 */
> > > char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
> 
> > It's part of the protocol (SSLv3, TLSv1, ...). The client sends its list of
> > supported ciphers, based upon which the server decides which cipher to
> > use. The server never "leaks" the information about the ciphers supported.
> 
> Yes, I know. So the function SSL_get_shared_ciphers can only be
> used on the server side.
> What happens if you try to use it on the client side?
> Does it only report one common cipher?
> 
> And what exactly does the comment "works well for SSLv2, not so
> good for SSLv3" mean?
> As far as I know, both SSLv2 and SSLv3/TLSv1 client hello include
> a list with preferred ciphers.

Yes, it does include the list of shared ciphers. I actually do not remember
the situation for SSLv2 (which I investigated at some point in time long
ago :-). But at least for SSLv3/TLSv1 the SSL_get_shared_ciphers() function
will return the list sent by the client, but as it will not take care of
the list actually supported by the server, it does not return the _shared_
ciphers.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
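
The difference discussed in this thread, between the list the client sent and the list that is actually shared with the server, as an added example that is not part of the original mail and not OpenSSL code. It does not call OpenSSL; list_ciphers() and the two sample lists are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lists (illustrative, not captured from a handshake). */
static const char *client_offer[] = { "AES256-SHA", "DES-CBC3-SHA", "RC4-MD5", "EXP-RC4-MD5" };
static const char *server_enabled[] = { "AES256-SHA", "AES128-SHA", "DES-CBC3-SHA" };
#define N(a) (sizeof(a) / sizeof((a)[0]))

static int in_list(const char *name, const char **list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, list[i]) == 0) return 1;
    return 0;
}

/* Append name to a colon-separated buffer only if it fits whole,
 * so a short buffer never ends in a truncated cipher name. */
static int append_name(char *buf, size_t len, const char *name)
{
    size_t used = strlen(buf), need = strlen(name) + (used ? 1 : 0);
    if (used + need + 1 > len) return 0;
    if (used) buf[used++] = ':';
    memcpy(buf + used, name, strlen(name) + 1);
    return 1;
}

/* Hypothetical helper. With filter == NULL it writes the client's list
 * unchanged; with a filter it writes only names the server also enables.
 * Returns the number of names written, or -1 if the buffer is too small. */
static int list_ciphers(const char **offer, size_t no,
                        const char **filter, size_t nf, char *buf, size_t len)
{
    int count = 0;
    if (len == 0) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < no; i++) {
        if (filter && !in_list(offer[i], filter, nf)) continue;
        if (!append_name(buf, len, offer[i])) return -1;
        count++;
    }
    return count;
}

int main(void)
{
    char a[128], b[128];
    list_ciphers(client_offer, N(client_offer), NULL, 0, a, sizeof a);
    list_ciphers(client_offer, N(client_offer), server_enabled, N(server_enabled), b, sizeof b);
    printf("client offer: %s\ntruly shared: %s\n", a, b);
    return 0;
}
```

A server-side log or policy check that records the unfiltered list would report RC4-MD5 and EXP-RC4-MD5 as shared even though the server in this sample never enables them.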
