On 5/23/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,

> I'm a newbie in openssl. I am trying at the beginning to make some
> tests on the performance using different cipher suites, but I have
> a problem when I'm trying to enable the AES cipher suites:
> AES128-SHA
> AES256-SHA
> which are TLSv1 extending cipher suites. I add them to the cipher list
> as follows:
>
>       ...
>       ctx=SSL_CTX_new(SSLv23_method()); // or SSL_CTX_new(TLSv1_method());
>       SSL_CTX_set_options(ctx, SSL_OP_ALL);
>       ...
>       SSL_CTX_set_cipher_list(ctx, "AES128-SHA:AES256-SHA");
>       ...
>
> but when doing so the client and the server don't agree on any
> ciphers. I know that from the SSL_get_cipher(ssl) function, which gives
> me NULL when adding the AES ciphers. Adding other ciphers
> (like DES-CBC3-SHA or RC4-SHA ...) produces no problem. Furthermore,
> from the command line when calling:
>
>       openssl ciphers -v
>
> I get AES128-SHA and AES256-SHA among the supported cipher suites.
> I'm using openssl-0.9.8b with the options: shared no-asm zlib-dynamic
> I found the same problem announced in the users list on 2005-12-05 by
> Vijay K. Gurbani, but there was no answer to the question at that
> time.

AES256-SHA also means RSA key_exchange. Are you also setting
private RSA keys, certificate, and CA certificate in the SSL context?

Does this imply that when I want to use EDH for key exchange that the cipher
will not be able to be AES*? I wanted to use EDH for forward secrecy reasons.
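Added example, not part of the original thread or of OpenSSL's own code: the `Kx=` and `Au=` columns printed by `openssl ciphers -v` show which key exchange and server credential each suite name implies. The sample lines are constructed in that layout, and the function names `sample_ciphers`, `classify_suites` and `fs_aes_suites` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the column layout of `openssl ciphers -v`
# (not captured from a real run).
sample_ciphers() {
cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
EOF
}

# Read `openssl ciphers -v` lines on stdin and print, tab-separated:
#   suite name, key exchange, authentication, cipher, forward secrecy (yes/no)
classify_suites() {
    awk '
    {
        kx = ""; au = ""; enc = ""
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "Kx")  kx  = kv[2]
            if (kv[1] == "Au")  au  = kv[2]
            if (kv[1] == "Enc") enc = kv[2]
        }
        if (kx == "" || au == "") next   # skip anything that is not a suite line
        # Ephemeral DH/ECDH gives forward secrecy. Kx=RSA does not, and
        # neither does fixed DH, which is printed with a slash (Kx=DH/RSA).
        fs = (kx ~ /^(EC)?DH/ && index(kx, "/") == 0) ? "yes" : "no"
        printf "%s\t%s\t%s\t%s\t%s\n", $1, kx, au, enc, fs
    }'
}

# Names of the AES suites that also provide forward secrecy.
fs_aes_suites() {
    classify_suites | awk -F'\t' '$4 ~ /^AES/ && $5 == "yes" { print $1 }'
}

# Demo on the constructed sample: Au=RSA rows need an RSA key and
# certificate on the server; Au=DSS rows need a DSA key and certificate.
sample_ciphers | classify_suites
```

Against a real build, pipe `openssl ciphers -v` into `fs_aes_suites` instead of the sample. Suites reported with `Kx=DH` also require the server to have DH parameters loaded, for example via `SSL_CTX_set_tmp_dh`.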