The server attempts to choose the 'most-preferred' cipher suite which it supports. The client sends a list of cipher suites it can use, with the left-most cipher suite being the most preferred.
On the client-side you want to use SSL_CTX_set_cipher_list(ctx, "Your cipher suite list here"). Cipher suites are colon (:) delimited. --Will > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Michael Kurecka > Sent: Thursday, August 06, 2009 10:30 AM > To: [email protected] > Subject: Re: tlsv1_method implementation > > Thanks for the help. I was able to determine the list of > ciphers allowed (SSL_CTX_get_cipher_list), the one of those used > (SSL_get_current_cipher) and to set specific ciphers > (SSL_CTX_set_cipher_list). I was only able to get information > for the client. The server doesn't seem to use the SSL_CTX > object. I tried specifying one of the ciphers in the list > that wasn't the one normally used and it failed. My question > is what determines on the server side which cipher is to be > used or allowed? Is it the authenticator, authentication > server, certificate, etc.? > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
