On Thu, Jun 12, 2014 at 04:54:42PM +0200, Remi Gacogne wrote: > > > That's really nice, I've just applied it with Emeric's approval. > > Thanks Willy, but I just remembered that my patch walks directly into > what I spotted earlier, that in OpenSSL the name of ciphers using > ephemeral diffie-hellman for key exchange can start with EDH, but also > DHE, EXP-EDH or EXP1024-DHE. > > Here is a patch to fix that, hopefully it will be the only issue > remaining :)
I don't understand, that was precisely the intent of using SSL_cipher_description() which always returns "Kx=DH" in all circumstances. Is there any case you're aware where this does not work ? From what I saw in the code, it was a direct mapping of your test of the bit mask, so I'm a bit confused :-/ Willy
