I can partially answer question #1. Yes, the client send the list of
ciphers it supports to the server. The server will then pick the
'strongest' cipher from the list for negotiating the session. The
priority is based on strength, best I can tell and differ between
server implementations.
Hello,
I have some doubts regarding OpenSSL cipher algorithms and I was
wondering if someone
could help me with that.
1) If my understanding is correct, the client sends the list of
supported cipher
algorithms and the server will choose one algorithm of such list in
order to
PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: quarta-feira, 5 de março de 2008 05:51
To: openssl-users@openssl.org
Subject: Re: cipher algorithms
Hello,
I have some doubts regarding OpenSSL cipher algorithms and I was
wondering if someone
could help me with that.
1) If my understanding
Thanks Marek!
One last question, can an algorithm or cipher suite be enabled or
disabled on OpenSSL by an user (I mean, without needing to
recompile and redistribute OpenSSL binaries)?
You can definitively disable an algorithm by not including it in the
libraries. Most programs that use
that. Your answer reinforces that.
Thanks,
Mateus
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-openssl-
[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: quarta-feira, 5 de março de 2008 09:12
To: openssl-users@openssl.org
Subject: RE: cipher algorithms
Thanks Marek
Surely http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html.
G.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baur, Mateus
(Brazil RD-CL)
Sent: 05 March 2008 12:25
To: openssl-users@openssl.org
Subject: RE: cipher algorithms
Yes, I know
Hello,
One last question, can an algorithm or cipher suite be enabled or
disabled on OpenSSL by
an user (I mean, without needing to recompile and redistribute OpenSSL
binaries)?
Yes, from server or client point of view you can control this with
SSL_CTX_set_cipher_list() function call.
Best
