On Thu, May 11, 2006 at 09:30:16AM +0100, Mark wrote:

> Hi, 
> 
> > For a client that wants a secure channel with a given server, what is
> > the best way to enforce a lower bound on the RSA key size of 
> > the server certificate? 
> 
> You can use the SSL_(CTX_)_set_cipher_list() functions to restrict which
> ciphers can be used.

I am afraid you are answering the wrong question. Does anyone check the
key strength of the peer's public keys? How do you deal with the various
public key types that might be found (DSA, RSA, ECDSA, ...)? Or does one
instead expect that anything the peer was fool enough to have signed
by a mutually trusted CA is strong enough?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
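
The check asked about above, sketched as an added example that is not code from this thread or from OpenSSL: it reads a DER SubjectPublicKeyInfo, works out the key type and size for RSA, DSA and EC keys, and rejects anything below a per-type minimum or of an unrecognised type. The `MIN_BITS` policy values, the helper names and the sample keys are assumptions made for illustration.

```python
OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA",        # rsaEncryption
        bytes.fromhex("2a8648ce380401"): "DSA",            # id-dsa
        bytes.fromhex("2a8648ce3d0201"): "EC"}             # id-ecPublicKey
EC_CURVE_BITS = {bytes.fromhex("2a8648ce3d030107"): 256,   # prime256v1
                 bytes.fromhex("2b81040022"): 384,         # secp384r1
                 bytes.fromhex("2b81040023"): 521}         # secp521r1
MIN_BITS = {"RSA": 2048, "DSA": 2048, "EC": 256}   # assumed policy, not from the thread

def tlv(buf, pos=0):                               # read one DER element: (value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + n], pos + n

def key_info(spki):                                # (kind, bits) for a SubjectPublicKeyInfo
    body, _ = tlv(spki)
    alg, p = tlv(body)                             # AlgorithmIdentifier
    pubkey, _ = tlv(body, p)                       # BIT STRING subjectPublicKey
    oid, q = tlv(alg)
    kind = OIDS.get(oid, "unknown")
    if kind == "RSA":                              # size = modulus length
        modulus, _ = tlv(tlv(pubkey[1:])[0])       # skip the unused-bits octet
        return kind, int.from_bytes(modulus, "big").bit_length()
    if kind == "DSA":                              # size = prime p in Dss-Parms
        prime, _ = tlv(tlv(alg, q)[0])
        return kind, int.from_bytes(prime, "big").bit_length()
    if kind == "EC":                               # size = named curve's field size
        return kind, EC_CURVE_BITS.get(tlv(alg, q)[0], 0)
    return kind, 0

def acceptable(spki, min_bits=MIN_BITS):           # fail closed on unknown types and curves
    kind, bits = key_info(spki)
    return kind in min_bits and bits >= min_bits[kind]

def der(tag, value):                               # minimal encoder, for the samples only
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_rsa_spki(bits):                         # constructed input with a dummy modulus
    ints = b"".join(der(2, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 65537))
    alg = der(0x30, der(6, bytes.fromhex("2a864886f70d010101")) + der(5, b""))
    return der(0x30, alg + der(3, b"\x00" + der(0x30, ints)))
```

In an OpenSSL client the same two inputs, key type and size, are available from the peer certificate's public key through `X509_get_pubkey()`, `EVP_PKEY_base_id()` and `EVP_PKEY_bits()`.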
