Thanks Marek!

One last question, can an algorithm or cipher suite be enabled or disabled on 
OpenSSL by a user (I mean, without needing to recompile and redistribute 
OpenSSL binaries)?

Regards,
Mateus

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, March 5, 2008 05:51
> To: openssl-users@openssl.org
> Subject: Re: cipher algorithms
>
> Hello,
> > I have some doubts regarding OpenSSL cipher algorithms and I was
> > wondering if someone could help me with that.
> >
> > 1) If my understanding is correct, the client sends the list of
> > supported cipher algorithms and the server will choose one algorithm
> > of such list in order to establish the secure channel. Is there some
> > priority for the algorithms? For instance, will it favor AES in lieu
> > of DES whenever supported by the client? Or is the algorithm chosen
> > randomly?
> Client should send most favorite cipher first. But, of course, server
> makes the final decision. Client order of cipher_suites in client_hello
> is only a hint for server.
>
> > 2) How is the symmetric key negotiated in OpenSSL? Does it use
> > Diffie-Hellman or RSA? Or does it vary depending on client request?
> > If the second, what is used if client supports both?
> Key exchange method is dependent on chosen ciphersuite.
> Look at:
>  $ openssl ciphers -v
>
> Best regards,
> --
> Marek Marcola <[EMAIL PROTECTED]>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
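Added example, not part of the original thread: a Python sketch using the standard `ssl` module (a wrapper around OpenSSL) that restricts cipher suites at run time with a cipher string, lists the key exchange tied to each enabled suite, and models the server's selection from the client's ordered offer. The helper names `enabled_suites` and `negotiate` are hypothetical, and `negotiate` is a simplified model of the choice, not OpenSSL's code.

```python
import ssl

def enabled_suites(cipher_string):
    """Return [(name, key_exchange)] for the suites a cipher string enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Run-time selection, no rebuild needed; raises ssl.SSLError if nothing matches.
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately from this string, so skip them.
    return [(c["name"], c["kea"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]

def negotiate(client_offer, server_enabled, server_preference=False):
    """Simplified model: pick the first suite in the leading list that both enable.

    With server_preference=False the client's order leads (it acts as the hint);
    with server_preference=True the server's own order leads, which is what
    OpenSSL does when SSL_OP_CIPHER_SERVER_PREFERENCE is set.
    Returns None when the two lists share no suite (handshake would fail).
    """
    lead, other = ((server_enabled, client_offer) if server_preference
                   else (client_offer, server_enabled))
    return next((suite for suite in lead if suite in other), None)

if __name__ == "__main__":
    # Enable ECDHE AES-GCM suites plus one RSA key-exchange suite, drop AES-256.
    for name, kx in enabled_suites("ECDHE+AESGCM:AES128-GCM-SHA256:!AES256"):
        print(f"{name:32} Kx={kx}")

    # Constructed preference lists for the model.
    client = ["AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"]
    server = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256"]
    print("client order leads:", negotiate(client, server))
    print("server order leads:", negotiate(client, server, server_preference=True))
```

The key exchange column here carries the same information as the `Kx=` field printed by `openssl ciphers -v`.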