Juan Carlos Castro y Castro <[EMAIL PROTECTED]>:
> Now I researched and learned (correct me if I'm wrong please) that I
> can't ignore the server certificate if I'm using RSA as the key
> exchanger. I'll have to use DH if I want a "thin" SSL client.
> Another thing: I used "openssl s_client -connect XXX:xx -cipher NNN" against
> an Apache/OpenSSL I installed myself (with the default options). It refuses
> any cipher that has DH in it.

Stronghold has had DH ciphers for quite some time, and now they are
also available in mod_ssl; I think they're not yet supported by
Apache-SSL.

> I don't want my thin client not to be able to connect to the vast majority of
> the https servers out there.

Then you do need RSA; most servers don't have anything else.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]