Hi Kyle, regarding your hint: > SSL[_CTX]_set_cipher_list((is_ctx ? ctx : ssl),"STRONG:@STRENGTH") is > your friend. I believe it defaults to essentially "NONE", but I could > be wrong on that one -- I just know that "unable to negotiate a shared > cipher" means that the cipher list sent by the client has a null union > with the cipher list supported by the server. >
with the error I cited in my other mail, I used SSL_CTX_set_cipher_list( ctx, "ALL:DEFAULT:LOW" ) I checket this by typing openssl ciphers -v "ALL:DEFAULT:LOW" and saw, this is a list of > 50 ciphers. So, for my /experiments/ this should not be the source of problems, right? Of course, a /productive/ quality server shall use "STRONG:@STRENGTH". But I think, I'm still far away from reducing some protocol offers. The recent trouble is: SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL3 alert read:fatal:handshake failure SSL_connect:error in SSLv2/v3 read server hello A :-( I'd appreciate _any_ further hint or help, next days. with best regards, Modem Man ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org