Thank you for your response. I'm sorry to bother again, but I'm still not sure what I am doing wrong so can someone answer this question:

What do I need on the server side to get "openssl s_client -cipher EDH-DSS-DES-CBC3-SHA" to handshake properly? (I assume that I don't need a certificate on the client side.)

This is what I currently do on the server side:

From the apps directory (this is Windows 2000), I run

    ..\out32dll\openssl s_server

to just start up a default server (which I believe uses the default "server.pem" certificate file).

On the client side, I run (from the out32dll directory)

    openssl s_client -cipher EDH-DSS-DES-CBC3-SHA

and it doesn't handshake.

What certificate file should I be using for this cipher designation? Does this work for everyone else?

Thanks again for your help.

Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com

>>> [EMAIL PROTECTED] 04/12/01 12:19PM >>>
On Thu, Apr 12, 2001 at 11:18:25AM -0600, Verdon Walker wrote:
> This is very true, but in the case I am testing both sides are running
> the exact same version of openssl.exe. (One side as the server and one
> as the client.) Certainly, the same version of openssl.exe should be
> supporting the same cipher suites, shouldn't it?

From the "compiled in" point of view, yes. However: for a cipher to be usable, the cipher must be compiled in _and_ the necessary certificates must be present. So for a cipher with RSA authentication, an RSA certificate must be present on the server side, for a cipher with DSA authentication, a DSA certificate must be present on the server side. All DSA ciphers and some RSA ciphers (with EDH) also do need DH parameters. Openssl s_server has built in DH-parameters, so the last point cannot be your problem.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
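
The certificate requirement described in the reply above can be checked and met with the openssl command line; the script below is an added example, not part of the original messages. It reports which authentication type (RSA or DSS) a certificate supports and creates a throwaway DSA certificate for s_server. The file names, the CN, the 2048-bit size and port 4433 are assumptions, and the final handshake only works on a build that still offers EDH-DSS-DES-CBC3-SHA.

```shell
#!/bin/sh
# Added example: which cipher "auth" part can a server certificate satisfy,
# and how to create a DSA certificate for testing DSS cipher suites.
# All file names, the CN and the port below are assumptions for illustration.

# Print the public-key algorithm of a PEM certificate
# (for example rsaEncryption or dsaEncryption).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Map a certificate to the authentication token used in cipher names:
# RSA certificates serve ...-RSA-... suites, DSA certificates ...-DSS-... suites.
cert_auth() {
    case "$(cert_key_alg "$1")" in
        rsaEncryption) echo RSA ;;
        dsaEncryption) echo DSS ;;
        *)             echo unknown ;;
    esac
}

# Create DSA parameters, a DSA key and a self-signed test certificate
# in directory $1 (dsaparam.pem, dsakey.pem, dsacert.pem).
make_dsa_cert() {
    dir=$1
    openssl dsaparam -out "$dir/dsaparam.pem" 2048 2>/dev/null &&
    openssl gendsa -out "$dir/dsakey.pem" "$dir/dsaparam.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$dir/dsakey.pem" -subj "/CN=localhost" \
        -days 30 -out "$dir/dsacert.pem" 2>/dev/null
}

# Usage, server and client in separate terminals:
#   cert_auth server.pem            # shows what the current certificate can serve
#   make_dsa_cert .
#   openssl s_server -accept 4433 -cert dsacert.pem -key dsakey.pem
#   openssl s_client -connect localhost:4433 -cipher EDH-DSS-DES-CBC3-SHA
```

s_server also accepts `-dcert` and `-dkey` to load the DSA certificate as a second certificate alongside an RSA one, so both RSA and DSS suites can be served from one process.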