Lutz Jaenicke <[EMAIL PROTECTED]> writes: > On Tue, Feb 03, 2004 at 08:41:23AM +0100, Jostein Tveit wrote: > > What exactly does the comment in ssl/ssl_lib.c mean: > > > > /* works well for SSLv2, not so good for SSLv3 */ > > char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
> Its part of the protocol (SSLv3, TLSv1, ...). The client sends its list of > supported ciphers, based upon which the server decides which cipher to > use. The server never "leaks" the information about the ciphers supported. Yes, I know. So the function SSL_get_shared_ciphers can only be used on the server side. What happen if you try to use it on the client side? Does it only report one common cipher? And what exactly does the comment "works well for SSLv2, not so good for SSLv3" mean? As far as I know, both SSLv2 and SSLv3/TLSv1 client hello include a list with perfered ciphers. -- Jostein Tveit ([EMAIL PROTECTED]) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
