Hi 
I have to interface with a client running
TLS_RSA_WITH_3DES_EDE_CBC_SHA1. My questions are:

1) Which part in my server's program dictates using
TLS_RSA_WITH_3DES_EDE_CBC_SHA1, besides calling TLSv1_method? It seems to
me the certificate will dictate what asymmetric/symmetric/hash ... will be
used. Is that correct?

2) For ephemeral keying, because DH is not involved at all, ephemeral
Diffie-Hellman is not an option. It forces me to add to the server
initialization routine something like:
 
       /* Request a temporary RSA key for the RSA key exchange */
       SSL_CTX_set_options(SSL_context,
               SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_EPHEMERAL_RSA);

       /* Generate the 2048-bit temporary key and install it in the context */
       RSA *rsa;
       rsa=RSA_generate_key(2048,RSA_F4,NULL,NULL);
       if (rsa == NULL || !SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
               ExitPostmaster(1);
       }
       RSA_free(rsa);   /* SSL_CTX_set_tmp_rsa() keeps its own copy of the key */

 Is that all on the server side?

3) What happens if my client has RSA with less than 2048 bits? For me,
it does not matter (e.g. it does not break any connection) because in the
RSA case, the client will use the server's ephemeral key to encrypt the
pre-master key. Is that correct?

Please help. I am still on learning mode.

TD
