>
> I wrote a little batch file to check that I can handshake with ALL the ciphers that
>are output from an "openssl ciphers" command. (BTW, I am running on a Windows 2000
>box with the latest 0.9.6a build.) Unfortunately, some of the ciphers do
> not seem to work when passed in using an "openssl s_client -cipher XXX-XXX-XXX"
>command. (I am running a standard "openssl s_server" in another window.)
>
[tests deleted]
>
> Any help diagnosing the problem would be greatly appreciated. Thanks.
>
There isn't necessarily a problem at all. An SSL or TLS implementation
is not guaranteed to support all ciphersuites so if the two sides do not
share a common ciphersuite a handshake error will occur.
Current versions of Netscape, MSIE for example do not support DHE
ciphersuites at all.
[BTW This is likely to change in future because I've donated DHE code to
the Mozilla project so it should support DHE ciphersuites at some point]
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
