RE: AES ciphers, are they supported?

Wed, 24 May 2006 03:52:49 -0700

hello,
 
thanks again
I tried your proposal to add "AES256-SHA:AES128-SHA:NULL-MD:NULL-SHA" as a cipher list but it didn't work.
here is a part of the SSL related code from the client side containing all parameters used:
BIO *bio;
SSL * ssl;
SSL_CTX * ctx;
char buf[BUF_SIZE] ;
 
c_buf_fill(buf ,BUF_SIZE);
init_OpenSSL();
ctx= SSL_CTX_new(SSLv23_method());
SSL_CTX_load_verify_locations(ctx, CA_FILE,CA_DIR);
SSL_CTX_set_default_verify_paths(ctx);
SSL_CTX_use_certificate_chain_file(ctx,CERT_FILE);
SSL_CTX_use_PrivateKey_file(ctx , CERT_FILE, SSL_FILETYPE_PEM);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER , NULL);
SSL_CTX_set_verify_depth(ctx,4);
if (SSL_CTX_set_cipher_list(ctx , "AES256-SHA:AES128-SHA:NULL-MD:NULL-SHA")!= 1 )
{
fprintf(stderr, "%s is not a supported cipher, CLIENT WILL BE CLOSED \n" ,ciph);
SSL_CTX_free(ctx);
exit (0);
}
bio = BIO_new_connect(127.0.0.1:6000);
BIO_do_connect(bio);
ssl = SSL_new(ctx);
SSL_set_bio(ssl, bio , bio);
SSL_connect(ssl);
printf( " the cipher used by the client : %s\n", SSL_get_cipher(ssl));
if (SSL_get_verify_result(ssl) != X509_V_OK) fprintf(stderr, " certificate verification error ");
...
SSL_write(ssl, buf , strlen(buf));
...
 
About testing my client with the s_server and vice versa , I did it. it seems that there are no problems in my client and server, for more details you can refer to my third message in the thread.
 
Best Regards
 
--Basel


Frédéric Donnat <[EMAIL PROTECTED]> schrieb:
Oups.. sorry, i did not read the whole thread. ;(

I used that with openssl 0.9.8a without any problem.

Maybe this is due to some parameter settings.
here is what i use:
char *cipher_list = "AES256-SHA:AES128-SHA:NULL-MD:NULL-SHA";
/* note: CipherSuite separator ":" */

If you're writing your own client/server, maybe you could send the part of the ode...
You could also test you server with openssl s_client tool, and you client with openssl s_server.

Hope it could help

Fred


Keine Lust auf Tippen? Rufen Sie Ihre Freunde einfach an.
Yahoo! Messenger. Jetzt installieren .

Sie denken an Ihre Sicherheit? Das tun wir auch .

Reply via email to