Hi,
I have server code using openssl 1.0.0e that is intended to only support two cipher types, as selected by this statement:

    SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-SHA384:AES256-SHA");

However, when connecting using "openssl s_client" it reports that the session is using a different cipher:

    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDH-RSA-AES256-SHA384
    ...

To narrow this down, I tried just listing a single cipher suite as follows:

    #openssl ciphers "ECDH-ECDSA-AES256-SHA384"
    ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384

As you can see, I requested one cipher, but two are listed.

Looking in ssl/s3_lib.c, the ssl3_ciphers array has entries for the above two ciphers that are the same. I think this is a bug. In fact, it looks like a number of entries are incorrect, namely C00B, C00C, C00D, C00E, C00F, C029, C02A, C031, and C032. All contain "SSL_aECDH" where I think it should be "SSL_aRSA".

regards
Steve Taylor
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
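
A check for the symptom reported above, where a cipher string enables more suites than it names. This is an added example, not part of the original post or of OpenSSL; the function names are hypothetical, and the live query assumes Python's standard ssl module, which reports what the OpenSSL build it is linked against enables.

```python
import ssl


def unexpected_suites(expanded, allowed):
    """Suites in a colon-separated expansion that are not in the allowlist."""
    names = [n.strip() for n in expanded.split(":") if n.strip()]
    return [n for n in names if n not in allowed]


def enabled_suites(cipher_string):
    """Names of the pre-TLS 1.3 suites the local OpenSSL enables for a string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # nothing in the string is available in this OpenSSL build
    # TLS 1.3 suites are not governed by the cipher string, so skip them here.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def check_server_config(cipher_string):
    """Suites the local library enables beyond those named in the string.

    Only meaningful for strings made of explicit suite names, as in the post,
    not for keywords such as HIGH that are expected to expand.
    """
    allowed = set(cipher_string.split(":"))
    return unexpected_suites(":".join(enabled_suites(cipher_string)), allowed)


# Output of `openssl ciphers "ECDH-ECDSA-AES256-SHA384"` as quoted in the post.
REPORTED = "ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384"

if __name__ == "__main__":
    # The extra suite returned for a one-suite request.
    print(unexpected_suites(REPORTED, {"ECDH-ECDSA-AES256-SHA384"}))
    # The same check against whatever OpenSSL this interpreter is linked to.
    print(check_server_config("ECDH-ECDSA-AES256-SHA384:AES256-SHA"))
```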