On Wed, Oct 13, 1999 at 04:57:44PM +0100, Ben Laurie wrote:
> Roger Bod�n wrote:
> >
> > Hello,
> >
> > Is there a complete list of the SSLv3/TLSv1 cipher suites openssl
> > supports?
> >
> > How can I control the priority between different cipher suites on the
> > server side?
>
> Speaking of which, now that Netscape (at least) ship a client that
> supports the new 56/1024 bit ciphersuites, should we switch them on?
Hmm, I tried them and they did work with Netscape.
I however also tried them for my own client/server application
(RFC2487 = TLS for SMTP), and when I enabled the experimental
TLS cypher suites in ssl/tls1.h, the automatic negotiation
yielded the 56/128 bit cypher, even though more secure cyphers were
available.
Setting SSL_OP_NON_EXPORT_FIRST didn't help.
How to check the priority??
Best regards,
Lutz
Oct 7 19:01:23 ws01 postfix/pickup[26559]: 4C18F82BB: uid=11019 from=<jaenicke>
Oct 7 19:01:23 ws01 postfix/cleanup[26634]: 4C18F82BB:
message-id=<[EMAIL PROTECTED]>
Oct 7 19:01:23 ws01 postfix/qmgr[26560]: 4C18F82BB:
from=<[EMAIL PROTECTED]>, size=781 (queue active)
Oct 7 19:01:24 ws01 postfix/smtp[26638]: TLS connection established: TLSv1 with
cipher EXP1024-RC4-SHA (56/128 bits)
Oct 7 19:01:24 ws01 postfix/smtp[26638]: 4C18F82BB: to=<[EMAIL PROTECTED]>,
relay=serv01.aet.tu-cottbus.de[141.43.132.161], delay=1, status=sent (250 Ok: queued
as DBB07A81D)
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
