On Fri, Apr 14, 2006, Chris Clark wrote:

> > What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
> > That seemed to do the trick. I do not know if it has any bad side
> > effects though.
> >
> > Of course, this will only work if you don't need AES 128 at all.
> 
> In my case I have a configuration program which allows users to select
> ciphers and the minimum/maximum strengths, so I have not found any
> solution to the problem.
> 
> It's been close to two months now, so I'm currently considering
> switching to an older version of OpenSSL which does not have the bug.
> 

Try the next 0.9.8 snapshot.

The problem was that all cipher string matches were treated as category matches
(strength, algorithm etc) even if the string matched one explicit ciphersuite.

That's fine provided no two distinct ciphersuites have the same
classification.

The problem was triggered by the reclassification of the AES cipher suite
strengths in the latest versions of OpenSSL which resulted in some AES
ciphersuites having identical classifications.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
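
The matching behaviour described in the message above, as an added example that is not OpenSSL source and not part of the original post: a simplified model in which naming one ciphersuite selects every suite sharing its classification, next to an exact-name match. The struct, enum values, function names and classification fields are constructed for illustration and are not OpenSSL's real values.

```c
/* Simplified model of cipher-string matching; not OpenSSL source. */
#include <stdio.h>
#include <string.h>

/* Constructed classification fields; the values are illustrative only. */
enum { ALG_AES = 1, ALG_3DES = 2, STRENGTH_HIGH = 1 };

struct suite { const char *name; unsigned alg; unsigned strength; };

static const struct suite suites[] = {
    { "AES128-SHA",   ALG_AES,  STRENGTH_HIGH },
    { "AES256-SHA",   ALG_AES,  STRENGTH_HIGH }, /* same classification as above */
    { "DES-CBC3-SHA", ALG_3DES, STRENGTH_HIGH },
};
#define NSUITES (sizeof suites / sizeof suites[0])

static const struct suite *find(const char *name) {
    for (size_t i = 0; i < NSUITES; i++)
        if (strcmp(suites[i].name, name) == 0) return &suites[i];
    return NULL;
}

/* An explicit name treated as a category match: every suite with the
 * same classification is selected. Returns a bitmask of table indices. */
unsigned select_as_category(const char *name) {
    const struct suite *s = find(name);
    unsigned mask = 0;
    if (!s) return 0;
    for (size_t i = 0; i < NSUITES; i++)
        if (suites[i].alg == s->alg && suites[i].strength == s->strength)
            mask |= 1u << i;
    return mask;
}

/* What a user naming one ciphersuite expects: only that suite. */
unsigned select_exact(const char *name) {
    const struct suite *s = find(name);
    return s ? 1u << (unsigned)(s - suites) : 0;
}

int main(void) {
    printf("category match: 0x%x\n", select_as_category("AES128-SHA"));
    printf("exact match:    0x%x\n", select_exact("AES128-SHA"));
    return 0;
}
```

Comparing the two masks for each name in a configured cipher list shows where a string would enable or disable more suites than the one named.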
