This is very true, but in the case I am testing both sides are running the exact same version of openssl.exe. (One side as the server and one as the client.) Certainly, the same version of openssl.exe should be supporting the same cipher suites, shouldn't it?
 
BTW, I forgot to mention that this is a completely clean build of 0.9.6a. (I just downloaded it and built it yesterday.)
 
Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com

>>> [EMAIL PROTECTED] 04/12/01 11:12AM >>>
>
> I wrote a little batch file to check that I can handshake with ALL the ciphers that are output from an "openssl ciphers" command. (BTW, I am running on a Windows 2000 box with the latest 0.9.6a build.) Unfortunately, some of the ciphers do
> not seem to work when passed in using an "openssl s_client -cipher XXX-XXX-XXX" command. (I am running a standard "openssl s_server" in another window.)

[tests deleted]

> Any help diagnosing the problem would be greatly appreciated. Thanks.


There isn't necessarily a problem at all. An SSL or TLS implementation
is not guaranteed to support all ciphersuites so if the two sides do not
share a common ciphersuite a handshake error will occur.

Current versions of Netscape and MSIE, for example, do not support DHE
ciphersuites at all.

[BTW This is likely to change in future because I've donated DHE code to
the Mozilla project so it should support DHE ciphersuites at some point]

Steve.
--
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
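
The per-cipher test described in this thread, sketched as a POSIX shell script. This is an added example, not the poster's batch file or code from the OpenSSL project. The host, port and function names are assumptions, and it expects a test `openssl s_server` to be listening already.

```shell
#!/bin/sh
# Added example: try a handshake with every suite that `openssl ciphers` lists.
# HOST and PORT are assumptions (4433 is the s_server default port).
HOST=${HOST:-localhost}
PORT=${PORT:-4433}

# Split a colon-separated cipher list into one suite per line.
split_suites() {
    printf '%s\n' "$1" | tr ':' '\n' | sed '/^$/d'
}

# Read s_client output on stdin; print the suite from the first
# "Cipher is ..." line, or nothing if no suite was negotiated.
negotiated_suite() {
    awk '!seen && /Cipher is / { seen = 1; if ($NF != "(NONE)") print $NF }'
}

# Compare the requested suite ($1) with what s_client reports on stdin.
# OK = requested suite negotiated, FAIL = no handshake,
# OTHER:<suite> = handshake completed with a different suite (on newer
# OpenSSL, -cipher does not restrict TLS 1.3 suites).
verdict() {
    want=$1
    got=$(negotiated_suite)
    if [ -z "$got" ]; then
        echo "FAIL"
    elif [ "$got" = "$want" ]; then
        echo "OK"
    else
        echo "OTHER:$got"
    fi
}

# Probe the server once per suite; stdin from /dev/null makes s_client
# exit as soon as the handshake attempt is over.
probe_all() {
    for suite in $(split_suites "$(openssl ciphers)"); do
        result=$(openssl s_client -connect "$HOST:$PORT" -cipher "$suite" \
                 </dev/null 2>&1 | verdict "$suite")
        printf '%-32s %s\n' "$suite" "$result"
    done
}

# Only touch the network when asked to: sh probe.sh probe
if [ "${1:-}" = "probe" ]; then probe_all; fi
```

Suites reported as FAIL are the ones to compare against the server's configuration, since both sides listing a suite does not mean the server can actually offer it.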
