Hello,

I have compiled and run a demo program that encrypts a string of text
and sends it across a socket connection where it is encrypted. This is
obviously using the ssl.h library. 

What I need to do is change the encryption from DES to 3DES, but I
cannot yet figure out where to do this. Could this information be
stored in the certificate on the server? I noticed that it has a field
for AU, which would have to be ENC to allow for 3DES. If so, would I
have to generate a new certificate (and if so, where do I begin), or is
it simply set somewhere in the code?
here's some of the code:
  /* Shared SSL context: the code below creates it from the method, loads the
     server certificate and private key into it, and passes it to SSL_new()
     for each connection. */
  SSL_CTX* ctx; //defined above

...main body...

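  /* One-time library setup: load the error strings used by
     ERR_print_errors_fp() and register the SSL algorithms. */
  SSL_load_error_strings();
  SSLeay_add_ssl_algorithms();

  /* SSLv23_server_method() is the version-flexible method: the protocol
     version is negotiated with the client rather than fixed here. */
  meth = SSLv23_server_method();

  ctx = SSL_CTX_new (meth);
  if (!ctx) {
    ERR_print_errors_fp(stderr);
    exit(2);
  }

  /* NOTE(review): nothing in this excerpt restricts the cipher suites, so the
     library defaults apply.  The bulk cipher (DES, 3DES, ...) is negotiated
     during the handshake from the cipher list configured on the context; it
     is not read from the certificate.  SSL_CTX_set_cipher_list() on ctx is
     the place to narrow that list. */

  /* Load the server certificate and its private key (both PEM) from the
     files named by CERTF and KEYF.  Each failure prints the OpenSSL error
     queue and exits with its own status code. */
  if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
    exit(3);
  }
  if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
    exit(4);
  }

  /* Refuse to start if the loaded key does not belong to the certificate.
     The message is kept on one line: a string literal cannot span a raw
     line break, which is how the wrapped original read. */
  if (!SSL_CTX_check_private_key(ctx)) {
    fprintf(stderr,"Private key does not match the certificate public key\n");
    exit(5);
  }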

/* ----------------------------------------------- */
<SNIP>
  /* The TCP connection has been accepted; run the server side of the SSL
     handshake on socket sd. */

  ssl = SSL_new (ctx);
  CHK_NULL(ssl);
  /* NOTE(review): the result of SSL_set_fd is not checked here. */
  SSL_set_fd (ssl, sd);
  err = SSL_accept (ssl);
  /* NOTE(review): CHK_SSL is defined outside this excerpt; confirm that it
     treats every SSL_accept result other than success as a failure. */
  CHK_SSL(err);

  /* Optional: report the cipher suite the handshake actually negotiated.
     This is the quickest way to confirm which cipher is in use. */
  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));

  /* Optional: show the client's certificate, if one was presented.  The
     certificate and the one-line name strings are dynamically allocated and
     are released below.
     NOTE(review): a certificate being present does not by itself show that
     it was validated.  That depends on the verify mode set on ctx
     (SSL_CTX_set_verify) and on the result from SSL_get_verify_result(),
     neither of which appears in this excerpt. */
  client_cert = SSL_get_peer_certificate (ssl);
  if (client_cert == NULL) {
    printf ("Client does not have certificate.\n");
  } else {
    printf ("Client certificate:\n");

    /* Subject name, rendered into a library-allocated string. */
    str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
    CHK_NULL(str);
    printf ("\t subject: %s\n", str);
    Free (str);

    /* Issuer name, handled the same way. */
    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
    CHK_NULL(str);
    printf ("\t issuer: %s\n", str);
    Free (str);

    /* Any further certificate checks belong here, before the certificate
       is released. */

    X509_free (client_cert);
  }

..ETC.