> Right. I want to ensure that the library does not choose KRB5 if the
> library was compiled with KRB5 support but the server was not
> configured for KRB5 use. (ie, no Kerberos 5 keytab file is provided)
I have a similar issue. I'd like to be able to prefer 128-bit ciphers
first, 168-bit ciphers second, and 56-bit ciphers lowest. Perhaps we can
come up with one solution that meets both of our requirements. I'd suggest
adding two hooks, one to control what ciphers are advertised to the client
and one to select which common cipher is actually used.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- filtering the cipher list at negotiation time Jeffrey Altman
- Re: filtering the cipher list at negotiation time Ben Laurie
- Re: filtering the cipher list at negotiation time Jeffrey Altman
- Re: filtering the cipher list at negotiation time Jeffrey Altman
- Re: filtering the cipher list at negotiation time Lutz Jaenicke
- Re: filtering the cipher list at negotiation time Jeffrey Altman
- Re: filtering the cipher list at negotiation time David Schwartz
- RE: filtering the cipher list at negotiation time Jeffrey Altman
- RE: filtering the cipher list at negotiation time David Schwartz
- Re: filtering the cipher list at negotiation time Lutz Jaenicke
- Re: filtering the cipher list at negotiation time Ben Laurie
- Re: filtering the cipher list at negotiation time Lutz Jaenicke
- Re: filtering the cipher list at negotiation time Jeffrey Altman
- Re: filtering the cipher list at negotiation time Lutz Jaenicke
- Re: filtering the cipher list at negotiation time Ben Laurie
