On Tue, 16 Sep 2008, Hari Naik wrote:
>
> 1. While handshaking between client and server, using
> SSL_get_cipher I am able to see only one cipher always (i.e.
> DES-CBC3-SHA). I learnt from the books/articles that OpenSSL uses many
> ciphers in the library and is able to change the ciphers every time for
> each session/connection.
>
SSL_get_cipher() is a macro defined in openssl/ssl.h
(I'm using OpenSSL 0.9.8g)

    #define SSL_get_cipher(s) \
            SSL_CIPHER_get_name(SSL_get_current_cipher(s))

and

    SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
    {
        if ((s->session != NULL) && (s->session->cipher != NULL))
            return(s->session->cipher);
        return(NULL);
    }

As you can see in the code above, the cipher for the current session is
returned. And for the current session the NIST standard is followed,
which is DES-CBC3-SHA.
Yes, OpenSSL supports many ciphers. The selection/choice of cipher
depends on the capabilities of the client and server and the associated
exchange. There is no magic here!
thanks
Saifi.
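
Added example, not part of the original message and not OpenSSL's own code: a simplified model of the cipher selection step, showing why two peers with fixed cipher lists always end up with the same cipher. The function name choose_cipher() and the sample lists are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample lists of OpenSSL cipher names, in preference order. */
const char *const client_list[] = { "DES-CBC3-SHA", "AES128-SHA", "RC4-SHA" };
const char *const server_list[] = { "AES256-SHA", "AES128-SHA", "DES-CBC3-SHA" };
const char *const client_aes_only[] = { "AES128-SHA" };
const char *const client_rc4_md5_only[] = { "RC4-MD5" };

/* Return 1 if name occurs in list[0..n). */
static int has_cipher(const char *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0)
            return 1;
    return 0;
}

/*
 * Hypothetical helper modelling the selection: walk one side's list in
 * order and return the first cipher the other side also offers.
 * server_pref == 0: the client's order decides (OpenSSL's default).
 * server_pref != 0: the server's order decides, as when the server sets
 *                   SSL_OP_CIPHER_SERVER_PREFERENCE.
 * Returns NULL when the lists share no cipher (the handshake would fail).
 */
const char *choose_cipher(const char *const *client, size_t nc,
                          const char *const *server, size_t ns,
                          int server_pref)
{
    const char *const *pref  = server_pref ? server : client;
    const char *const *other = server_pref ? client : server;
    size_t np = server_pref ? ns : nc;
    size_t no = server_pref ? nc : ns;

    for (size_t i = 0; i < np; i++)
        if (has_cipher(other, no, pref[i]))
            return pref[i];
    return NULL;
}

int main(void)
{
    /* Same inputs give the same result on every connection. */
    printf("client order: %s\n", choose_cipher(client_list, 3, server_list, 3, 0));
    printf("server order: %s\n", choose_cipher(client_list, 3, server_list, 3, 1));
    return 0;
}
```

The negotiated cipher changes only when one side's list or the preference mode changes; in a real program the list is set with SSL_CTX_set_cipher_list().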