Yes, I did this by
DH *dh ;
BIO *bio ;
bio = BIO_new_file("dhp.pem", "r") ;
dh = (DH*)PEM_read_bio_DHparams(bio, NULL, NULL, NULL) ;
BIO_free(bio) ;
if(dh == NULL)
dh=get_dh512(); //copied from s_server
SSL_CTX_set_tmp_dh(m_pCtx, dh) ;
SSL_CTX_set_options(m_pCtx, 0);
Also since I debuged s_server I noticed that ssl3_choose_cipher picks
EDH-DSS-DES-CBC3-SHA for the cipher, I tried to set it myself but this
still does not work.
SSL_CTX_set_cipher_list(m_pCtx, "EDH:DSS:DES:CBC3:SHA");
I am lost..........
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Friday, March 10, 2000 6:47 PM
To: Grebelsky, Konstantin; [EMAIL PROTECTED]
Subject: Re: DSA certificate and cipher list setup?
Grebelsky, Konstantin <[EMAIL PROTECTED]>:
> I have created certificate and priv key as follows:
> openssl.exe dsaparam 512 -out dsa512.pem
> openssl req -config req.cnf -x509 -newkey dsa:dsa512.pem -out DsaCa.pem
>
> When I do SSL_connect ... and on the server side SSL_accept the accept
call
> fails
> on c=ssl3_choose_cipher(s,s->session->ciphers,
> ssl_get_ciphers_by_id(s));
Do you set an ephemeral DH key (e.g. by calling SSL_CTX_set_tmp_dh)?
This is required by DSA ciphersuites.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
