On Mon, Jan 27, 2003 at 10:47:27AM -0700, Steve Chadsey wrote:
> On Fri, Jan 24, 2003 at 09:30:28AM -0000, [EMAIL PROTECTED] wrote:
> > Try http://www.netcraft.com/sslwhats. It will give you a list of ciphers.
> >
>
> OK. I did that, and the only one I support is "RC4 with MD5". Strange, I
> thought I would be able to support more. Actually, to amend my previous
> post, the ones I expected to see were:
>
> EDH-RSA-DES-CBC3-SHA
> EDH-DSS-DES-CBC3-SHA
> DES-CBC3-SHA
> DHE-DSS-RC4-SHA
> IDEA-CBC-SHA
> RC4-SHA
> RC4-MD5
>
> since I have SSLv2 shut off. Would the above list be further limited
> by the type (RSA / DSA) key I have? It is RSA.
Yes, it is limited by the key. Without a DSA key, you cannot use DSS ciphers.
Therefore being left:
EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
IDEA-CBC-SHA
RC4-SHA
RC4-MD5
> Yeah, I include only 'HIGH' and 'MEDIUM' strength ciphers, according
> to my SSLCipherSuite line.
>
> To follow up to Lutz, I tested all the ciphers with s_client against
> my server. The ones that I connected with were:
>
> DES-CBC3-SHA
> EDH-RSA-DES-CBC3-SHA
> IDEA-CBC-SHA
> RC4-MD5
> RC4-SHA
See above :-)
> The following gave me 'illegal parameter':
> DES-CBC3-MD5
> DES-CBC-MD5
> IDEA-CBC-MD5
> RC2-CBC-MD5
> RC4-64-MD5
These ciphers are SSLv2 ciphers.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
