Re: ssl_library_init();

Mon, 29 Jan 2001 08:14:23 -0800 

It is a very secure cipher suite. You might also want to examine RC4-SHA and
RC4-MD5 because they are much faster. Other ciphersuites that offer
excellent security include

DES-CBC3-MD5
IDEA-CBC-SHA
RC4-SHA
RC4-MD5
IDEA-CBC-MD5
RC2-CBC-MD5

You can specify which ciphers your client wants to negotiate by the function
you mentioned and playing arounf  with the openssl ciphers command. For
example, try

SSL_set_cipher_list( ..., "RC4-SHA:RC4-MD5");

and see what happens.


I take NO responsibilty for any comments or opinions on legal issues that
may be present in this e-mail. I am not a lawyer, so you don't rely on
anything I write. Stop reading now. I mean it, stop NOW.

BEGIN LEGAL COMMENTS

idea is patented in various places and offers no advantages so I would avoid
it. RC2 and RC4 are trademarks of RSA Security Inc., so while it should be
OK to use the algorithms you must obey trademark law (in the U.S. at any
rate) if you use their trademarks. I have seen folks try to refer to the
algorithm as ARCFOUR in an attempt to evade trademark issues, but I don't
know if that really works.

END LEGAL COMMENTS

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "stuart hodgkinson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 29, 2001 9:56 AM
Subject: ssl_library_init();


> Hi,
>  This function is used to set the cipher suites and in my client and
server test which does both TLSv1 and SSLv3 it always picks DES-CBC3-SHA. Is
this the best chiper suite avialable? If i was to pick another would it be
through the use of SSL_set_cipher_list(SSL *,const char *);?
> As always help is appriciated.
>
> StOo
>
>
>
>
> _______________________________________________________________________
> FSmail - Get your free web-based email from Freeserve: www.fsmail.net
>
>
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to