I forgot to mention that I even reverted to the original demos/ssl/*.cpp
files to check if it was my alterations that broke it. But the originals
don't like the DSA certs either.
I read that disabling RSA, RC5 and IDEA could break some browsers, but in
this case both sides are compiled with the same libssl....
Rogier
> -----Original Message-----
> From: Rogier Mulhuijzen
> Sent: Friday, 24 March 2000 12:08
> To: '[EMAIL PROTECTED]'
> Subject: DSA based certificates break the ssl demos
>
> Hi,
>
> I'm working on converting an application to SSL. But to make sure
> everything goes right I started out with altering the demos/ssl/*.cpp
> files. Altered things like making the socket non-blocking.
>
> After getting this to work I started thinking about certificates,
> and started experimenting with becoming a CA and making my own
> certificates. Doing that I realised that using RSA based stuff would mean
> getting a license for use within the US (or other countries too) and since
> I'm planning on using it there I decided to rebuild OpenSSL with no-rsa
> no-rc5 no-idea just to be on the safe side.
>
> I then made my certificates and tried verifying them and lo and behold, it all
> worked.
>
> THEN I replaced the certificate&privatekey files in the demos/ssl
> directory because the original ones were RSA based and thus didn't work
> anymore.
>
> I had to ditch SSLv2_client_method for v3, to recompile, but after that I
> couldn't get the client to connect to the server. The message I get is:
>
> 395:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:769:
>
> This persists even if I use SSL_set_cipher_list (ssl, "ALL");
>
> I have also tried TLSv1 client/server methods, but it all fails.
>
> HELP!!!!
>
> Rogier R. Mulhuijzen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]