Hi again,

Does really NOBODY have anything to say about the following? Shouldn't the server
try to always choose the best available cipher?

regards

Matthias

Matthias Loepfe wrote:
> 
> Hi
> 
> I have a fundamental question regarding choosing the cipher in SSL. The spec
> says that the client sends the accepted ciphers in the order of preference, and
> that the server then chooses the cipher to use.
> 
> In the current implementation of ssl3_choose_cipher() it is really the client's
> preference which will be taken to choose from the common ciphers.
> 
> But I know many companies which would like to be able to set the preference
> on the server side.
> 
> Because of the current behaviour the 'RC4-MD5' will be chosen before
> 'DES-CBC3-SHA' which I think is not correct.
> 
> Now the questions: 1) Is (from the spec point of view) the server side allowed
>                       to choose according to his own preferences?
>                    2) Why should the server not enforce his own preference?
> 
> regards
> 
> Matthias Loepfe
> 
> -------------------------------------------------------------------------------
> Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
> Email: [EMAIL PROTECTED]   Voice: +41 1 272 6111   Fax: +41 1 272 6312
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
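The two selection orders discussed in this thread, as an added example (not part of the original mails and not the code of ssl3_choose_cipher()): whichever list drives the outer loop decides whose preference wins. The function choose_cipher() and the sample lists are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Return the negotiated cipher name, or NULL when the lists share none.
 * prefer_server == 0: walk the client's list first (client order wins).
 * prefer_server != 0: walk the server's list first (server order wins).
 * Hypothetical helper, not an OpenSSL function. */
const char *choose_cipher(const char *const *client, size_t n_client,
                          const char *const *server, size_t n_server,
                          int prefer_server)
{
    const char *const *outer = prefer_server ? server : client;
    const char *const *inner = prefer_server ? client : server;
    size_t n_outer = prefer_server ? n_server : n_client;
    size_t n_inner = prefer_server ? n_client : n_server;

    for (size_t i = 0; i < n_outer; i++)
        for (size_t j = 0; j < n_inner; j++)
            if (strcmp(outer[i], inner[j]) == 0)
                return outer[i];   /* first match in the preferred order */
    return NULL;                   /* no common cipher: handshake must fail */
}

/* Constructed sample lists, most preferred first. */
static const char *const client_list[] = { "RC4-MD5", "DES-CBC3-SHA" };
static const char *const server_list[] = { "DES-CBC3-SHA", "RC4-MD5" };
static const char *const rc4_only[]    = { "RC4-MD5" };
static const char *const des3_only[]   = { "DES-CBC3-SHA" };

int main(void)
{
    const char *c = choose_cipher(client_list, COUNT(client_list),
                                  server_list, COUNT(server_list), 0);
    const char *s = choose_cipher(client_list, COUNT(client_list),
                                  server_list, COUNT(server_list), 1);
    const char *n = choose_cipher(rc4_only, COUNT(rc4_only),
                                  des3_only, COUNT(des3_only), 1);

    printf("client preference: %s\n", c ? c : "(none)");
    printf("server preference: %s\n", s ? s : "(none)");
    printf("disjoint lists:    %s\n", n ? n : "(none)");
    return 0;
}
```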