Hello,
> > Well ... In that case,
> > A] how is it that s_server and s_client can
> > communicate
> > 1) Using the same ssl library
> > 2) Using the same certificates
> > 3) Using the same cipher suites
> 
> You mean can't, don't you? That is because the SSL protocol
> itself is different in the export case. As Steve
> mentioned there is an additional key exchange stage,
> kex in the case of export ciphers.
> 
> [Urjit]: Nope. I mean that they can! And that's why I am confused. Not just
> that, but even my sample client can connect to the s_server with same
> certificate and same cipher suite
The SSL protocol differs in the server_key_exchange packet
(which may be used not only for export restriction).
This requires a temporary RSA key in the context.
If you add to the server initialization routine something like:
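        RSA *rsa;
        /* Temporary 512-bit RSA key for the server_key_exchange message */
        rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
        /* Abort if key generation fails or the context rejects the key */
        if (rsa==NULL || !SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
                ExitPostmaster(1);
        }
        /* The context keeps its own copy, so the local key can be freed */
        RSA_free(rsa);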
your code will work.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
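
Added example, not part of the original post or of OpenSSL: a defensive check that parses the server_key_exchange handshake message mentioned above (RSA key exchange, ServerRSAParams layout from RFC 2246) and reports the size of the temporary RSA key, so a 512-bit export-grade key can be flagged. The function names and the sample message are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a vector with a 2-byte length prefix at *p and advance *p past it. */
static int read_vec16(const uint8_t **p, const uint8_t *end, size_t *n)
{
    if (end - *p < 2) return -1;
    *n = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    if (*n == 0 || (size_t)(end - *p) < *n) return -1;
    *p += *n;
    return 0;
}
/* RSA modulus size in bits from a server_key_exchange message, -1 if malformed. */
int ske_rsa_modulus_bits(const uint8_t *msg, size_t len)
{
    const uint8_t *p, *end, *mod;
    size_t body, mod_len, exp_len;
    if (len < 4 || msg[0] != 12) return -1;        /* 12 = server_key_exchange */
    body = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body != len - 4) return -1;
    p = msg + 4; end = p + body;
    if (read_vec16(&p, end, &mod_len)) return -1;  /* rsa_modulus */
    mod = p - mod_len;
    if (read_vec16(&p, end, &exp_len)) return -1;  /* rsa_exponent; signature follows */
    while (mod_len > 0 && *mod == 0) { mod++; mod_len--; }  /* skip leading zeros */
    if (mod_len == 0) return -1;
    int bits = (int)(mod_len * 8);
    for (uint8_t b = *mod; !(b & 0x80); b <<= 1) bits--;
    return bits;
}
/* Constructed sample: filler modulus (not a real key), e = 65537, signature omitted. */
size_t make_sample(uint8_t *buf, size_t mod_bytes)
{
    size_t body = 2 + mod_bytes + 2 + 3;
    buf[0] = 12; buf[1] = 0; buf[2] = (uint8_t)(body >> 8); buf[3] = (uint8_t)body;
    buf[4] = (uint8_t)(mod_bytes >> 8); buf[5] = (uint8_t)mod_bytes;
    memset(buf + 6, 0xC3, mod_bytes);
    memcpy(buf + 6 + mod_bytes, "\x00\x03\x01\x00\x01", 5);
    return 4 + body;
}
int main(void)
{
    uint8_t buf[600];
    int bits = ske_rsa_modulus_bits(buf, make_sample(buf, 64));
    printf("temporary RSA key: %d bits%s\n", bits,
           bits > 0 && bits <= 512 ? " (export-grade)" : "");
    return 0;
}
```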