Hi, I'm using 0.9.5a, but this should be easy to check in 0.9.6: The no_tmp_rsa flag in s_server is ignored. There is an "#if 1" that forces a callback to be used (which ignores the flag), blocking the code that would test the flag before setting a value. Simply grep for no_tmp_rsa in s_server.c and you'll see the problem, it's obvious. The simplest fix (imho) is to make setting the callback conditional on the flag - if the callback is not set then corresponding ciphers suites are not used. Andrew ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
