Thanks for the clarifications. It really helped me to understand better.

On Tue, Oct 28, 2014 at 7:44 PM, Richard Könning <richard.koenn...@ts.fujitsu.com> wrote:
> On 25.10.2014 13:55, Jaya Nageswar wrote:
>
>> 2. In general, if we have SSLv23 protocol at both client and Server, how
>> does the protocol negotiation happen? I have been reading that the
>> client sends a client_hello message along with the other protocols
>> supported and the cipher suites. The Server then sends its supported
>> protocols/cipher suites and selects the highest protocol supported by
>> client and Server in the order. Is my understanding correct?
>
> The client sends in the client_hello the highest SSL/TLS version it
> supports and a list of supported cipher suites.
> The server selects the highest protocol version compatible with the client
> abilities and selects one of the cipher suites the client offers and the
> server supports too. In older OpenSSL versions the server selects the first
> cipher suite in the list offered by the client, i.e. the client has strong
> influence which cipher suite is selected.
> In newer OpenSSL versions (don't ask me which ones, maybe it's even only a
> proposal for future OpenSSL versions) afair there is a possibility that the
> server uses some other rules for selecting a cipher suite (I did a quick
> look for appropriate OpenSSL functions, but up to now I didn't find one
> which allows to influence the server as described before.)
>
> Best regards,
> Richard
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
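Added example, not part of the original thread and not OpenSSL code: a simplified Python model of the server-side selection described in the quoted reply, showing how the negotiated cipher suite changes when the server walks its own list instead of the client's. The function names, the `server_preference` switch and the sample ClientHello and server configuration are assumptions made for illustration; the server-side ordering it models is what OpenSSL exposes as `SSL_OP_CIPHER_SERVER_PREFERENCE`.

```python
# Added illustration: a simplified model of the ServerHello choice, not OpenSSL code.
# All configurations below are constructed sample data.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]  # oldest to newest


class HandshakeFailure(Exception):
    """No protocol version or cipher suite acceptable to both sides."""


def select_version(client_max, server_enabled):
    """Highest server-enabled version that is not newer than the client's offer."""
    limit = VERSIONS.index(client_max)
    usable = [v for v in VERSIONS[:limit + 1] if v in server_enabled]
    if not usable:
        raise HandshakeFailure("no common protocol version")
    return usable[-1]


def select_cipher(client_offer, server_supported, server_preference=False):
    """First shared suite, walking the client's list (the older behaviour
    described in the reply) or the server's own list (server preference)."""
    if server_preference:
        walk, other = server_supported, client_offer
    else:
        walk, other = client_offer, server_supported
    for suite in walk:
        if suite in other:
            return suite
    raise HandshakeFailure("no shared cipher suite")


def negotiate(client_hello, server, server_preference=False):
    """Return the (version, cipher suite) pair the server would announce."""
    version = select_version(client_hello["max_version"], server["versions"])
    cipher = select_cipher(client_hello["ciphers"], server["ciphers"], server_preference)
    return version, cipher


# Constructed ClientHello: offers TLSv1.2 as its highest version, weakest suite first.
CLIENT_HELLO = {"max_version": "TLSv1.2",
                "ciphers": ["RC4-SHA", "AES128-SHA", "AES256-SHA"]}
# Constructed server: TLSv1.2 not enabled, strongest suite first in its own list.
SERVER = {"versions": {"SSLv3", "TLSv1.0", "TLSv1.1"},
          "ciphers": ["AES256-SHA", "AES128-SHA", "RC4-SHA"]}

if __name__ == "__main__":
    print(negotiate(CLIENT_HELLO, SERVER))                          # client order decides
    print(negotiate(CLIENT_HELLO, SERVER, server_preference=True))  # server order decides
```

With client ordering the weakest shared suite wins because the client listed it first, which is why a server that wants to enforce its own ranking has to enable server preference and keep weak suites out of its list.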