On Thu, Nov 11, 2004 at 01:01:03PM +0100, kankedu wrote:
> Thanks, both of you. Unfortunately I see that I wasn't precise enough as to
> what the problem was.
>
> I know how to use SSL_CTX_set_cipher_list. The problem is that the second
> parameter, the cipher list (char*), doesn't accept explicit ciphers (as for
> example "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"), only classes of ciphers (as for
> example "RSA", "DSS", etc).
>
> So I need a way to state this cipher explicitly. Most probably I need to use
> some other function, or maybe there is some undocumented way to write a
> cipher(1) string to except only one cipher. Can anyone help on either of the
> two approaches?
If your read further on the cipher(1) manual page you will find the
following line:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
So the string to give is "EDH-RSA-DES-CBC3-SHA".
Regards,
Lutz
> >===== Original Message From "Greaney, Kevin" <[EMAIL PROTECTED]> =====
> >Hi,
> > I would start at the following page in the documentation:
> >
> > http://www.openssl.org/docs/ssl/SSL_get_ciphers.html
> >
> >It not only gives you the details for get_ciphers, but it also
> >provides link to the related APIs.
> >
> >Kevin.
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of kankedu
> >Sent: Thursday, November 11, 2004 4:55 AM
> >To: openssl-users
> >Subject: cipher list
> >
> >Hi,
> >
> >I want to tell my client to only use certain ciphers, and I have found
> >just
> >the funtion for doing so:
> >
> > SSL_CTX_set_cipher_list(*ctx, "RSA");
> >
> >However, this doesn't give me good enough control on exactly which
> >ciphers to
> >use, only classes. E.g. I cannot write
> >"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" as
> >a second argument to ONLY use that cipher. Does anyone know another way
> >to
> >solve this problem? Otherwise I'll put it down as a feature request, I
> >guess.
> >
> >Thanks,
> >
> >Johannes
> >
> >______________________________________________________________________
> >OpenSSL Project http://www.openssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
> >______________________________________________________________________
> >OpenSSL Project http://www.openssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
