Re: ssl3_choose_cipher

Ben Laurie Thu, 23 Dec 1999 05:29:15 -0800
Matthias Loepfe wrote:
> 
> Hi again,
> 
> Does really NOBODY has anything to say about the following? Shouldn't the server
> try to always choose the best available cipher?

Why is DES-CBC3-SHA better than RC4-MD5?

Cheers,

Ben.

> 
> regards
> 
> Matthias
> 
> Matthias Loepfe wrote:
> >
> > Hi
> >
> > I have fundamental question regarding choosing the chipher in SSL. The spec
> > says that the client send the accepted ciphers in the order of preference, and
> > that the server chooses then the cipher to use.
> >
> > In the current implementation of ssl3_choose_cipher() it is realy the client's
> > preference which will be take to choose from the common ciphers.
> >
> > But I know many companies which would like to be able to set the preference
> > on the server side.
> >
> > Because of the current behaviour the 'RC4-MD5' will be choosen before
> > 'DES-CBC3-SHA' which I think is not correct.
> >
> > Now the questions: 1) Is (from the spec point of view) the server side allowed
> >                       to choose according to his own preferences?
> >                    2) Why should the server not enforce his own preference?
> >
> > regards
> >
> > Matthias Loepfe
> >
> > -------------------------------------------------------------------------------
> > Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
> > Email: [EMAIL PROTECTED]   Voice: +41 1 272 6111   Fax: +41 1 272 6312
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > Development Mailing List                       [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm

http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: ssl3_choose_cipher

Reply via email to
