Re: Handshake Failure with some ciphers

[Verdon Walker]

Thank you for your response. I'm sorry to bother again, but I'm still not sure what I am doing wrong so can someone answer this question:   What do I need on the server side to get "openssl s_client -cipher EDH-DSS-DES-CBC3-SHA" to handshake properly? (I assume that I don't need a certificate on the client side.)   This is what I currently do on the server side: From the apps directory (this is Windows 2000), I run     ..\out32dll\openssl s_server to just start up a default server (which I believe uses the default "server.pem" certificate file).   On the client side, I run (from the out32dll directory)     openssl s_client -cipher EDH-DSS-DES-CBC3-SHA and it doesn't handshake.   What certificate file should I be using for this cipher designation? Does this work for everyone else?   Thanks again for your help.   Verdon Walker (801) 861-2633 [EMAIL PROTECTED] Novell Inc., the leading provider of Net Services Software www.novell.com >>> [EMAIL PROTECTED] 04/12/01 12:19PM >>> On Thu, Apr 12, 2001 at 11:18:25AM -0600, Verdon Walker wrote: > This is very true, but in the case I am testing both sides are running the exact same version of openssl.exe. (One side as the server and one as the client.) Certainly, the same version of openssl.exe should be supporting the same cipher suites, shouldn't it? From the "compiled in" point of view, yes. However: for a cipher to be usable, the cipher must be compiled in _and_ the necessary certificates must be present. So for cipher with RSA authentication, a RSA certificate must be present on the server side, for a cipher with DSA authentication, a DSA certificate must be present on the server side. All DSA ciphers and some RSA ciphers (with EDH) also do need DH parameters. Openssl s_server has built in DH-parameters, so the last point cannot be your problem. Best regards,     Lutz -- Lutz Jaenicke                             [EMAIL PROTECTED] BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153 ______________________________________________________________________ OpenSSL Project                                 http://www.openssl.org Development Mailing List                       [EMAIL PROTECTED] Automated List Manager                           [EMAIL PROTECTED]