Hi Sebastien, The servers that are causing me the most problems are glftpd servers, which have a proprietary SSL implementation that is not open source. Seems to be no intersect between their ciphers and monos on many setups.
Sorry, I re-read the bit about DH.... So basically, all I have to do is find the point in SSLStream where the negotiation completes and crypto objects are initialised and instead of creating, say an RSA object, create a DH (and so on for the selected cipher spec.) I'll have a go on it next week when I have some time, thanks for the info - I'd really like to extend the cipher suite to support practically all the TLS cipher spec. As for the testing, can I not create a hacked version of the Mono SSL Server Stream (can't remember it's name) which only supports the cipher I want to test? Or is testing the Mono SSLClient against the Mono SSLServer not good enough - ie. do I need to test against an external component? Thanks again, Martin On 8/18/05, Sebastien Pouliot <[EMAIL PROTECTED]> wrote: > Hello Martin, > > On Thu, 2005-18-08 at 19:21 +0100, Martin Hinks wrote: > > Ok, thanks for the answer - I may well have a look at adding some of > > the ciphers when I get time... > > That would be nice :) > > > I know that it is not a requirement to support all ciphers, but many > > servers that I am using also do not support all the ciphers - they > > seem to support all the ones Mono doesn't currently support - great > > lol! > > Mono supports the most common algorithms - at least from an HTTPS point > of view. What are those servers running (software and protocol) ? > > > The error produced is could not negotiate a cipher or something > > similar - which was "fixed" by adding a DH cipher to the list of > > support ciphers (when I say fixed I mean it got a stage further - so > > the exception was just unsupported ciphers.) > > Both normal. > > Negotiation is done by intersecting the list of ciphers available to > both client and server and selecting (server) one of them. An alert is > sent if the intersection is empty. > > Adding something, like DH, to the client list results in a non-empty > intersection - but the client isn't capable to continue the handshake > because it doesn't support DH. > > > When I said "problem" I meant the lack of support for, hence, is the > > lack of support due to DH in Mono not being implemented or merely that > > the SSLStream hasn't been tweaked to support DH? > > I answered that... > > > * Mono.Security.dll supports DH (i.e. DH is present and working) so it > > > isn't a cryptographic issue; > > > Thanks again, it's a great class as it is - would be great if I could > > help add some ciphers! > > As I said it shouldn't too complex to add. It's even easier (test wise) > if you have access to servers that only support algorithms not present > in Mono. > -- > Sebastien Pouliot <[EMAIL PROTECTED]> > > -- Martin Hinks http://www.m-s-d.net _______________________________________________ Mono-devel-list mailing list [email protected] http://lists.ximian.com/mailman/listinfo/mono-devel-list
