>
> Thank you for your response. I'm sorry to bother again, but I'm still not sure what
>I am doing wrong so can someone answer this question:
>
> What do I need on the server side to get "openssl s_client -cipher
>EDH-DSS-DES-CBC3-SHA" to handshake properly? (I assume that I don't need a
>certificate on the client side.)
>
> This is what I currently do on the server side:
> From the apps directory (this is Windows 2000), I run
> ..\out32dll\openssl s_server
> to just start up a default server (which I believe uses the default "server.pem"
>certificate file).
>
> On the client side, I run (from the out32dll directory)
> openssl s_client -cipher EDH-DSS-DES-CBC3-SHA
> and it doesn't handshake.
>
> What certificate file should I be using for this cipher designation? Does this work
>for everyone else?
>
You need a DSA certificate and private key to do this. There isn't a
specific sample DSA server certificate but you can use the dsa-pca.pem
CA certificate in the apps directory for this, though it has expired.
That is from the apps directory:
..\out32dll s_server -cert dsa-pca.pem
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
