Frederic HUGOT wrote:
>
> Greetings.
>
> I hope this is the right list to bring this up :
>
> I use SSLeay to test the SSL functionalities of some SSL client software.
> In the connection status (s_server -www), the common ciphers include
> EXP-EDH-DSS-DES-CBC, which is not in the list of ciphers suported
> by s_server (given right at the beginning of the status page).
> EXP-EDH-DSS-DES-CBC-SHA is supported though, but supposedly
> not by the client I am testing (ie. not in the common ciphers).
> Neither cipher allow for a connection between the two.
>
> Are both ciphers supported by SSLeay ?
> Or only the second one ?
>
> The SSLeay code mentions the common ciphers part may not work right
> all the time with ssl3. Did I find one of those times ? I'm afraid I don't
> quite
> understand why it shouldn't work, even after perusing the ssl3 source.
>
> I don't have any mastery over the client, and not even the source, for all
> the good
> it might do, so I can't check directly if there is a faulty
> EXP-EDH-DSS-DES-CBC
> support. That's why I use SSleay in my tests.
>
Obvious question first. Are you using a DSA (DSS) certificate with
s_server? If not then none of the *DSS* ciphers will work.
The client software: it isn't the HotJava browser is it? If so then
there is a known problem with its DSS signature format.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
