On Wed, Feb 04, 2004 at 02:22:49PM +0100, Jostein Tveit wrote:
> Lutz Jaenicke <[EMAIL PROTECTED]> writes:
>
> > On Tue, Feb 03, 2004 at 08:41:23AM +0100, Jostein Tveit wrote:
> > > What exactly does the comment in ssl/ssl_lib.c mean:
> > >
> > > /* works well for SSLv2, not so good for SSLv3 */
> > > char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
> >
> > It's part of the protocol (SSLv3, TLSv1, ...). The client sends its list of
> > supported ciphers, based upon which the server decides which cipher to
> > use. The server never "leaks" the information about the ciphers supported.
>
> Yes, I know. So the function SSL_get_shared_ciphers can only be
> used on the server side.
> What happens if you try to use it on the client side?
> Does it only report one common cipher?
>
> And what exactly does the comment "works well for SSLv2, not so
> good for SSLv3" mean?
> As far as I know, both SSLv2 and SSLv3/TLSv1 client hello include
> a list with preferred ciphers.

Yes, it does include the list of shared ciphers. I actually do not remember
the situation for SSLv2 (which I investigated at some point in time long ago :-).
But at least for SSLv3/TLSv1 the SSL_get_shared_ciphers() function will return
the list sent by the client, but as it will not take care of the list actually
supported by the server, it does not return the _shared_ ciphers.

Best regards,
    Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
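
The behaviour described in the reply above means a server that wants the truly shared set has to filter the reported list itself. The following is an added example, not part of the original thread and not OpenSSL code: it intersects two colon-separated cipher name lists, the format SSL_get_shared_ciphers() writes into buf. The function name intersect_cipher_lists and the sample lists are assumptions made for illustration; the server list is assumed to be supplied by the application from its own configuration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample lists (not captured from a real handshake). */
static const char CLIENT_LIST[] = "AES256-SHA:RC4-MD5:DES-CBC3-SHA";
static const char SERVER_LIST[] = "DES-CBC3-SHA:AES256-SHA";

/* Return 1 if name[0..n) is an exact element of colon-separated list. */
static int list_has(const char *list, const char *name, size_t n)
{
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ":");
        if (len == n && memcmp(p, name, n) == 0)
            return 1;
        p += len + (p[len] == ':');   /* skip element and its separator */
    }
    return 0;
}

/* Hypothetical helper: write the names of client_list that also occur in
 * server_list into out, in client order, colon-separated. Returns the
 * number of shared names, or -1 (with out emptied) if out is too small. */
int intersect_cipher_lists(const char *client_list, const char *server_list,
                           char *out, size_t outlen)
{
    size_t used = 0;
    int count = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (const char *p = client_list; *p; ) {
        size_t len = strcspn(p, ":");
        if (len > 0 && list_has(server_list, p, len)) {
            /* room for optional ':' + name + terminating NUL */
            if (used + len + (count ? 1 : 0) + 1 > outlen) {
                out[0] = '\0';
                return -1;
            }
            if (count)
                out[used++] = ':';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
            count++;
        }
        p += len + (p[len] == ':');
    }
    return count;
}
```

Matching is on whole names, so a client entry such as AES256-SHA does not match a server entry that merely starts with the same characters.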