On Tue, May 19, 2009 at 09:44:23AM +0530, Neetu Agrawal wrote:

> Thanks for the suggestion, but maybe I didn't put my query the right way. I
> want the client to initiate the request and the server to listen for the
> request, but the roles of server and client get exchanged during the key
> generation to offload the server from the key decryption operation.

That is not the SSL protocol. Feel free to invent, implement and
popularize your own protocol. The key exchange algorithms in OpenSSL are:

        - RSA key exchange (server decrypts key)        kRSA
        - ephemeral Diffie-Hellman key exchange         kEDH
        - ephemeral elliptic-curve DH key exchange      kEECDH
        - ECDHe and ECDHr "fixed" DH variants           kECDH

In practice most clients you do not control (i.e. Windows desktops)
will only support these two ciphers:

    RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
    RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5

If you control the clients, you probably don't need to defend yourself
against server CPU DoS. What is the real problem you are trying to solve?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
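
An added example, not part of the original message or of OpenSSL: a small Python parser for `openssl ciphers -v` lines in the format quoted above, grouping suites by the private-key work their key exchange leaves on the server. The DHE and ECDHE sample lines and the category labels are constructed for illustration; the two RC4 lines are the ones from the message.

```python
import re
from collections import defaultdict

# Field layout of one `openssl ciphers -v` line, as in the two lines quoted above.
LINE_RE = re.compile(
    r"^\s*(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)\s*$"
)

# First two lines are from the message; the last two are constructed samples.
SAMPLE = """\
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
"""

def parse_cipher_line(line):
    """Split one listing line into its name/proto/kx/au/enc/mac fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a ciphers -v line: %r" % line)
    return m.groupdict()

def server_work(suite):
    """Label (hypothetical names) the server-side key-exchange cost of a suite."""
    kx, au = suite["kx"], suite["au"]
    if kx.startswith("RSA"):
        return "rsa-decrypt"      # kRSA: server decrypts the client's key
    if kx.startswith(("DH", "ECDH")):
        if "/" in kx:
            return "fixed-dh"     # "fixed" DH variants, key in the certificate
        if au == "None":
            return "dh-only"      # anonymous DH, no signature
        return "dh+sign"          # ephemeral DH: server signs its parameters too
    return "other"

def summarize(text):
    """Group suite names by server_work() label, keeping listing order."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            suite = parse_cipher_line(line)
            groups[server_work(suite)].append(suite["name"])
    return dict(groups)

if __name__ == "__main__":
    for work, names in summarize(SAMPLE).items():
        print(work, names)
```

Neither group removes the server's private-key operation: the RSA suites need a decryption, and the ephemeral DH suites replace it with a signature plus a DH computation.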
