Hi,
I have created a server and a client that connect and communicate
well if I use these ciphers:
"NULL-MD5", "NULL-SHA", "EXP-RC4-MD5", "RC4-MD5", "RC4-SHA",
"EXP-RC2-CBC-MD5", "IDEA-CBC-SHA", "EXP-DES-CBC-SHA", "DES-CBD-SHA",
"DES-CBC3-SHA", "AES128-SHA"," AES256-SHA".

Four days ago I asked here about problems I had when I wanted to use
EDH-RSA-DES-CBC-SHA and EDH-RSA-DES-CBC3-SHA.
I got a response that what would let me use these ciphers in particular
was to add a call to the function PEM_read_DHparams.

Well, now I want to use the other ciphers, such as
EXP-EDH-DSS-DES-CBC-SHA, but I haven't managed to.

I tried generating another type of key in this manner:

$openssl dhparam -out dsa_params.pem 1024
$openssl gendsa -out dsa.key -des3 dsa_params.pem

The server uses a certificate that was generated with an
RSA key. The client uses the key above, and its certificate was
generated from a certificate request created from dsa.key.
When I execute the client I get these messages:

2338:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
2338:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
2338:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:

To load the certificate and key I have written this function (this
function works well if I use a certificate generated with an RSA key).

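#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* Passphrase callback: hands the passphrase stored in userdata to OpenSSL. */
static int passwd_cb( char *buf, int size, int wrflag, void *userdata )
{
    size_t len;

    (void) wrflag;
    if( userdata == NULL || size <= 0 )
        return 0;
    len = strlen( (const char*) userdata );
    /* Never write more than the size bytes OpenSSL provides. */
    if( len >= (size_t) size )
        return 0;
    memcpy( buf, userdata, len + 1 );
    return (int) len;
}

/* Loads the certificate and its private key into ctx; exits on failure.
   cipherList is not used in this function. */
void load_certificate(SSL_CTX *ctx, char *fileCert, char *fileKey,
                      char *cipherList, char *passphrase )
{
  if (SSL_CTX_use_certificate_file(ctx, fileCert, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
    exit(3);
  }

  /* Register the passphrase callback before the key file is read. */
  if( passphrase != NULL )
    {
      SSL_CTX_set_default_passwd_cb_userdata( ctx, (void*) passphrase );
      SSL_CTX_set_default_passwd_cb( ctx, passwd_cb );
    }

  if (SSL_CTX_use_PrivateKey_file(ctx, fileKey, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
    exit(4);
  }
}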


Thank you very much.

Bye.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
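
Added example, not part of the original post: the "bad decrypt" errors from PEM_do_header are what OpenSSL reports when the supplied passphrase does not decrypt the PEM key, so this sketch checks a key file against a passphrase from the shell before the program calls SSL_CTX_use_PrivateKey_file. The function names and the KEY_PASS environment variable are assumptions made for this example, and the sample key is constructed and throwaway.

```shell
#!/bin/sh
# Added example: check a PEM private key against a passphrase.
# Function names and the KEY_PASS variable are hypothetical, not from the post.

# Succeeds if the PEM file is passphrase-protected. Traditional PEM carries
# "Proc-Type: 4,ENCRYPTED"; PKCS#8 carries "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeeds if the passphrase in the exported variable KEY_PASS decrypts the
# key in file $1. The passphrase is read from the environment so it does not
# appear in the process list.
key_passphrase_ok() {
    openssl pkey -in "$1" -passin env:KEY_PASS -noout >/dev/null 2>&1
}

# Prints one of: unencrypted | ok | bad-passphrase
diagnose_key() {
    if ! key_is_encrypted "$1"; then
        echo unencrypted
    elif key_passphrase_ok "$1"; then
        echo ok
    else
        echo bad-passphrase
    fi
}

# Builds a constructed, throwaway DSA key in directory $1, encrypted with
# KEY_PASS. 1024 bits mirrors the size used in the post; -aes128 is this
# example's choice of PEM cipher.
make_sample_key() {
    openssl dsaparam -out "$1/dsa_params.pem" 1024 2>/dev/null &&
    openssl gendsa -aes128 -passout env:KEY_PASS \
        -out "$1/dsa.key" "$1/dsa_params.pem" 2>/dev/null
}
```

A result of bad-passphrase for the client's dsa.key would point at the passphrase reaching the callback rather than at the cipher suite.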