RE: filtering the cipher list at negotiation time

[Jeffrey Altman]

> 
> > Right.  I want to ensure that the library does not choose KRB5 if the
> > library was compiled with KRB5 support but the server was not
> > configured for KRB5 use.  (ie, no Kerberos 5 keytab file is provided)
> 
>       I have a similar issue. I'd like to be able to prefer 128-bit ciphers
> first, 168-bit ciphers second, and 56-bit ciphers lowest. Perhaps we can
> come up with one solution that meets both of our requirements. I'd suggest
> adding two hooks, one to control what ciphers are advertised to the client
> and one to select which common cipher is actually used.

Adding callbacks such as these might be nice, but they are hardly
required for my needs.  The application can't alter whether or not
KRB5 credentials are available; and in many cases would have no idea
whether or not OpenSSL even support KRB5.



                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * [EMAIL PROTECTED]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]