Hello,
> I used SSL_CTX_set_cipher_list() to try all kinds of ADH plus aNULL, eNULL,
> NULL and ALL.
> The connection still could not be set up without a server certificate.
On server side:
- generate DH parameters file:
# openssl dhparam -out dhparam.pem 512
- add code to initialize SSL_CTX structure:
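#include <openssl/bio.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>

/* Read PEM-encoded DH parameters from dhfile; returns NULL on failure. */
static DH *load_dh_param(const char *dhfile)
{
    DH *ret = NULL;
    BIO *bio;

    if ((bio = BIO_new_file(dhfile, "r")) == NULL) {
        goto err;
    }
    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
err:
    if (bio != NULL) {
        BIO_free(bio);
    }
    return ret;
}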
..
..
SSL_CTX *ctx;
DH *dh;
..
..
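/* Load the parameters generated above */
if ((dh = load_dh_param("dhparam.pem")) == NULL) {
    ERR_print_errors_fp(stderr);
    goto err;
}
/* Install the DH parameters; the caller still owns dh and frees it */
SSL_CTX_set_tmp_dh(ctx, dh);
DH_free(dh);
/* Offer only anonymous DH cipher suites (no certificate is used) */
if (!SSL_CTX_set_cipher_list(ctx, "ADH")) {
    ERR_print_errors_fp(stderr);
    goto err;
}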
..
..
On client side:
- add code to initialize SSL_CTX structure:
/* The client must offer the same anonymous DH suites */
if (!SSL_CTX_set_cipher_list(ctx, "ADH")) {
    ERR_print_errors_fp(stderr);
    goto err;
}
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
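
Added example, not part of the original message and not OpenSSL code: the ADH suites enabled above authenticate neither peer, so a cipher list string is worth auditing before it reaches SSL_CTX_set_cipher_list(). The function audit_cipher_list() and the ANON_*/F_* names are hypothetical, and the parsing is a simplified approximation of OpenSSL's cipher list rules; the sample lists are constructed.

```c
#include <stdio.h>
#include <string.h>
enum { ANON_GUARDED, ANON_UNGUARDED, ANON_SELECTED };
enum { F_ADH = 1, F_AECDH = 2, F_ANON = 3 };  /* anonymous DH / ECDH families */
/* Anonymous families selected by one cipher-list word; 0 = none. */
static unsigned anon_families(const char *w, size_t n)
{
    static const struct { const char *kw; unsigned m; } tab[] = {
        { "ADH", F_ADH }, { "AECDH", F_AECDH }, { "aNULL", F_ANON },
        { "ALL", F_ANON }, { "COMPLEMENTOFDEFAULT", F_ANON },
    };
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (strlen(tab[i].kw) == n && memcmp(w, tab[i].kw, n) == 0)
            return tab[i].m;
    if (n > 4 && memcmp(w, "ADH-", 4) == 0) return F_ADH;      /* explicit suite name */
    if (n > 6 && memcmp(w, "AECDH-", 6) == 0) return F_AECDH;
    return 0;
}

/* GUARDED: "!aNULL" or equivalent present. SELECTED: anonymous suites are
 * explicitly enabled. UNGUARDED: neither; check with `openssl ciphers -v`. */
int audit_cipher_list(const char *list)
{
    unsigned on = 0, killed = 0;
    for (const char *p = list; *p; p += (*p != '\0')) {
        size_t n = strcspn(p, ":, "), wn = n;   /* ':' ',' ' ' separate words */
        const char *w = p;
        char op = (wn && strchr("!-+", *w)) ? *w : 0;
        if (op) { w++; wn--; }
        unsigned m = 0;                         /* "A+B" narrows; OR is conservative */
        for (size_t i = 0, s = 0; i <= wn; i++)
            if (i == wn || w[i] == '+') { m |= anon_families(w + s, i - s); s = i + 1; }
        /* only a bare keyword removes a whole family, not "X+Y" or one suite name */
        int family = !memchr(w, '+', wn) && !memchr(w, '-', wn);
        if (op == '!' && family) killed |= m;   /* permanent: cannot be re-added */
        else if (op == '-' && family) on &= ~m; /* removable: may be re-added later */
        else if (op == 0) on |= m;
        p += n;                                 /* now at a separator or the end */
    }
    if (killed == F_ANON) return ANON_GUARDED;
    return (on & ~killed) ? ANON_SELECTED : ANON_UNGUARDED;
}

int main(void)
{
    const char *lists[] = { "ADH", "HIGH:!aNULL:!MD5", "HIGH:MEDIUM", "ALL:!ADH" }; /* constructed */
    for (size_t i = 0; i < sizeof lists / sizeof lists[0]; i++)
        printf("%-18s -> %d\n", lists[i], audit_cipher_list(lists[i]));
    return 0;
}
```

ANON_UNGUARDED is returned for lists such as "HIGH:MEDIUM" because OpenSSL's ciphers documentation advises adding !aNULL whenever a list is built from lower-level primitives that overlap with the anonymous suites.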