> Since anonymous (unauthenticated) ciphersuites are vulnerable to a man
> in the middle attack they are disabled with the default cipher string.
> You need to set a cipher string which has something like "ALL:@STRENGTH"
> in it using SSL_CTX_set_cipher_list() on both client and server.
Thanx. That did the trick. I understand the vurnerability of
man-in-the-middle attack and will likely move to a certificate-based
system in the future.
-rchit
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
