In my zeal to quickly help you, I forget to switch the cipher string after I cut-n-pasted into my reply. My apologies. Read the file SSL_CTX_set_cipher_list.pod in the OpenSSL/doc/ssl directory for further information on that function call.
Here's the correct call for your purpose: SSL_CTX_set_cipher_list(yourCTX, "DES-CBC3-SHA"); The cipher list is a colon separated list of ciphers in order of connection preference. There are quite a few options you can use when choosing ciphers. Note that this affects only the cipher used for the SSL connection itself, not which cipher was used in the certificate. HTH, Rob -----Original Message----- From: Aaron Kronis [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 11:35 AM To: [EMAIL PROTECTED] Subject: RE: DES - 3DES (novice) Thanks Robert. I think it worked, does this look correct to you?(or anyone) -----output---- Connection from 100007f, port e904 SSL connection using RC4-MD5 Client does not have certificate. Got 23 chars:'Hello World! Encrypt me' -----end------- (is it in fact 3des now? I've been at http://www.openssl.org/docs/apps/ciphers.html to see if it looks right. but I can't tell. it reports RC4-MD5 but not DES-CBC3-SHA...I don't understand the syntax in the call. (can you please explain how RC4-MD5 is on the left of the colon':' and how it is used with the DES-CBC3-SHA on the right? If this IS right, then will I need to create a working certificate for the client next? SSL_CTX_set_cipher_list(yourCTX, "RC4-MD5:DES-CBC3-SHA"); Thanks very much, I'm sure this is simple and I just need to get these few answers to move forward. Aaron -----Original Message----- Here's an example: SSL_CTX_set_cipher_list(yourCTX, "RC4-MD5:DES-CBC3-SHA"); HTH, Rob ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ***************************************************************** DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
