> From: [email protected] On Behalf Of Michael Kurecka > Sent: Thursday, 06 August, 2009 11:30
> Thanks for the help. I was able to determine the list of > ciphers allowed (SSL_CTX_get_cipher_list), the one of those used > (SSL_get_current_cipher) and to set specific ciphers > (SSL_CTX_set_cipher_list). I was only able to get information > for the client. The server doesn't seem to use the SSL_CTX There is no get_cipher_list for SSL_CTX only SSL. (There is set at both levels. A CTX_get would be simple, but it's not there.) You (your code) can't create an SSL object without a SSL_CTX. You might not use it MUCH, but you must have it. (Assuming the server or whatever uses OpenSSL; if not all bets are off.) > object. I tried specifying one of the ciphers in the list > that wasn't the one normally used and it failed. My question > is what determines on the server side which cipher is to be > used or allowed? Is it the authenticator, authentication > server, certificate, etc.? What is allowed may depend on the server, the people who run it, and controls/influences on those people (bosses, customers, regulators). What is used must be in the intersection of what is allowed by the client (in ClientHello) and by the server; if none such handshake fails. If there is more than one such (acceptable to both ends) normally the one earliest in the client list should be chosen; I haven't checked or tested if OpenSSL server-mode (consistently) does this. What exactly do you mean "it failed"? If you specify at one end only one ciphersuite and that is not allowed at the other end, of course SSL can't negotiate an agreed ciphersuite. Usually the easiest way to test cases like this is to run s_client to your server, or your client to s_server, or both if applicable, to control and see exactly what is requested and negotiated. Technically server authentication is optional in SSL3/TLS; in practice many clients and users expect or require it. The server can only authenticate in an algorithm for which it has a keypair and cert: RSA if it has RSA, DSA if it has DSA, ECDSA if it has ECDSA. It can have more than one if the people who run it want (and are allowed) to offer a choice. If you don't need server auth there are anon-(EC)DH suites. Implementations such as OpenSSL may support only subsets of the specified ciphersuites. Sometimes this just timing; when new ciphers, or other features, are defined, it takes a while for them to be implemented and then released, used, and deployed. An implementation or (specific) application can be further restricted by configuration, like set_cipher_list in OpenSSL. Such limits may be due to legal issues, real or imagined: back before the RSA patent expired some people either were scared of enforcement or objected to such patents on principle; the same seems to still hold for IDEA. This may vary by country. Through roughly the late'90s the US classified cryptography as a "munition" and under ITAR it was at least supposedly illegal to export encryption (as opposed to signature or authentication) algorithms stronger than 40 bits; European "Wassenaar arrangement" countries had similar restrictions. France had limitations on what encryption its nationals were allowed to use. I'm sure there were many more; those were just the most famous. Sensible governments have now accepted crypto use, but experience teaches that expecting all governments to always be sensible is unwise. Nowadays this goes much more the other direction. Many people and businesses by policy won't use algorithms and especially keysizes considered weak or vulnerable. The Payment Card Industry consortium (essentially Visa, MasterCard, AmEx and Discover) requires systems handling credit and debit card transactions have security measures including effectively AES128 or TDEA(168). Various laws require various classes of organizations to use adequate technical security, which in practice usually includes certain crypto algorithms although the law isn't that specific: FISMA (+NIST) for US civilian government agencies and contractors/vendors; HIPAA for most of the healthcare system; GLBA for financial institutions; etc. I'm only familiar with US laws but I'm sure there are comparable ones in other developed countries and particularly the EU. What was your question again? :=} ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
