Hi,

I have to interface with a client running TLS_RSA_WITH_3DES_EDE_CBC_SHA1. My questions are:

1) Which part of my server's program dictates using TLS_RSA_WITH_3DES_EDE_CBC_SHA1, besides calling TLSv1_method? It seems to me that the certificate will dictate which asymmetric/symmetric/hash ... will be used. Is that correct?

2) For ephemeral keying, because DH is not involved at all, ephemeral Diffie-Hellman is not an option. It forces me to add something like this to the server initialization routine:

    SSL_CTX_set_options(SSL_context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_EPHEMERAL_RSA);

    /* generate a temporary 2048-bit RSA key and hand it to the context */
    RSA *rsa;
    rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
    if (!SSL_CTX_set_tmp_rsa(SSL_context, rsa)) {
        ExitPostmaster(1);
    }
    RSA_free(rsa);

Is that all on the server side?

3) What happens if my client has RSA with less than 2048 bits? For me, it does not matter (e.g. it does not break any connection), because in the RSA case the client will use the server's ephemeral key to encrypt the pre-master key. Is that correct?

Please help. I am still in learning mode.

TD
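
Added example, not part of the original post and not OpenSSL code: a small C parser that splits a TLS 1.0-1.2 suite name of the form TLS_<key exchange>_WITH_<cipher>_<MAC>, such as the one named in the question, into its fields and flags whether the key exchange is ephemeral. The struct suite type and the take and parse_suite functions are names assumed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Fields of a TLS 1.0-1.2 suite name: TLS_<kx>_WITH_<cipher>_<mac>. */
struct suite {
    char kx[24];      /* key exchange (+ authentication), e.g. "RSA", "DHE_RSA" */
    char cipher[40];  /* bulk cipher and mode, e.g. "3DES_EDE_CBC" */
    char mac[12];     /* MAC hash (PRF hash for AEAD suites), e.g. "SHA" */
    const char *auth; /* points into kx: how the server authenticates */
    int ephemeral;    /* 1 = DHE/ECDHE key exchange (forward secrecy) */
};

/* Copy src[0..n) into dst if it is non-empty and fits; 0 on success. */
static int take(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split a suite name into its fields; returns 0, or -1 if malformed. */
int parse_suite(const char *name, struct suite *s)
{
    const char *with, *last;
    memset(s, 0, sizeof *s);
    if (strncmp(name, "TLS_", 4) != 0) return -1;
    name += 4;
    if ((with = strstr(name, "_WITH_")) == NULL) return -1;
    if (take(s->kx, sizeof s->kx, name, (size_t)(with - name))) return -1;
    name = with + 6;
    if ((last = strrchr(name, '_')) == NULL) return -1;
    if (take(s->cipher, sizeof s->cipher, name, (size_t)(last - name))) return -1;
    if (take(s->mac, sizeof s->mac, last + 1, strlen(last + 1))) return -1;

    /* Plain "RSA" is RSA key transport; only DHE_ / ECDHE_ are ephemeral. */
    s->ephemeral = !strncmp(s->kx, "DHE_", 4) || !strncmp(s->kx, "ECDHE_", 6);
    s->auth = strrchr(s->kx, '_');
    s->auth = s->auth ? s->auth + 1 : s->kx;
    return 0;
}

int main(void)
{
    struct suite s;
    if (parse_suite("TLS_RSA_WITH_3DES_EDE_CBC_SHA1", &s) == 0)
        printf("%s | %s | %s | eph=%d\n", s.kx, s.cipher, s.mac, s.ephemeral);
    return 0;
}
```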