I have written a client program in which I allow the user to configure which cipher groups they want to allow as well as a cipher strength of low, medium, or high.

The problem is I can't find a way of selecting the order in which I want the cipher negotiated. For example, if all ciphers are enabled in the configuration, I would prefer if AES is selected during negotiation. Currently I specify the group (HIGH/MEDIUM/LOW) and remove some ciphers from a group (IDEA and ADH). I also remove AES at the beginning (Shif +="-AES:") and add it later because if I don't remove AES there is no way to separate AES128 and AES256. (Due to an OpenSSL bug, HIGH selects both AES128 and AES256.) Here is the code:

    // Build the OpenSSL cipher string from the configured strength range
    // (g_MinC..g_MaxC: 0 = LOW, 1 = MEDIUM, 2 = HIGH) and the per-cipher flags.
    if (g_MaxC>=2 && g_MinC<=2) { Shif+="HIGH:"; }
    if (g_MaxC>=1 && g_MinC<=1) { Shif+="MEDIUM:"; }
    if (g_MaxC>=0 && g_MinC<=0) Shif+="LOW:EXP:";
    Shif+="!IDEA:!ADH:";
    // Drop AES out of the groups so AES256 and AES128 can be re-added separately.
    Shif +="-AES:";
    if (g_MaxC>=2 && g_MinC<=2 && g_AES) {
        Shif +="AECDH-AES256-SHA:AES256-SHA:DHE-DSS-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:";
        Shif +="ECDHE-RSA-AES256-SHA:ECDH-RSA-AES256-SHA:";
    }
    if (g_MaxC>=1 && g_MinC<=1 && g_AES) {
        Shif +="AECDH-AES128-SHA:AES128-SHA:DHE-DSS-AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:";
        Shif +="ECDHE-RSA-AES128-SHA:ECDH-RSA-AES128-SHA:";
    }
    // Remove whatever the user has switched off.
    if (!g_RC2) Shif += "-RC2:";
    if (!g_RC4) Shif += "-RC4:";
    if (!g_DES) Shif += "-DES:";
    if (!g_3DES) Shif += "-3DES:";
    if (!g_AES) Shif += "-AES:";
    lfb->SetContextChipers(Shif.GetBuffer(255));
    Shif.ReleaseBuffer();   // GetBuffer() must be paired with ReleaseBuffer()

The result is that when all ciphers are enabled, the client and server negotiate a 3DES protocol. If I disable 3DES, then they negotiate using RC4. Is there a way I can force the client to negotiate using AES as the preferred method, and if the server will not allow AES then it selects some other cipher?

-Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
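The behaviour in the post follows from how OpenSSL orders a cipher string: a bare keyword appends its matching suites in the library's default order, "-" removes suites so that a later token re-adds them at the end, and the client's list order is its preference. The toy evaluator below is an added example (not Chris's code and not OpenSSL's) that models those rules over a constructed nine-suite table and shows that naming the AES suites before HIGH puts them at the head of the list.

```python
# Toy evaluator for OpenSSL-style cipher strings (added example, not Chris's
# code). The cipher table is constructed, in an assumed default order; AES128
# is tagged HIGH as the post reports. Models ':'-separated tokens, bare
# keyword/name, '-' (remove, may be re-added), '!' (delete for good),
# '+' (move to end) and '@STRENGTH' (stable sort by key bits).
CIPHERS = [  # (name, keywords, key bits)
    ("DHE-RSA-AES256-SHA", {"HIGH", "AES", "AES256", "DHE", "RSA", "SHA"}, 256),
    ("AES256-SHA",         {"HIGH", "AES", "AES256", "RSA", "SHA"}, 256),
    ("DES-CBC3-SHA",       {"HIGH", "3DES", "RSA", "SHA"}, 168),
    ("AES128-SHA",         {"HIGH", "AES", "AES128", "RSA", "SHA"}, 128),
    ("IDEA-CBC-SHA",       {"MEDIUM", "IDEA", "RSA", "SHA"}, 128),
    ("RC4-SHA",            {"MEDIUM", "RC4", "RSA", "SHA"}, 128),
    ("ADH-RC4-MD5",        {"MEDIUM", "RC4", "ADH", "MD5"}, 128),
    ("DES-CBC-SHA",        {"LOW", "DES", "RSA", "SHA"}, 56),
    ("EXP-RC4-MD5",        {"EXP", "EXPORT", "RC4", "RSA", "MD5"}, 40),
]
BITS = {name: bits for name, _, bits in CIPHERS}

def cipher_list(spec):
    """Return cipher names in the preference order that spec produces."""
    chosen, killed = [], set()
    for token in filter(None, spec.split(":")):
        if token == "@STRENGTH":
            chosen.sort(key=lambda n: -BITS[n])  # stable: ties keep order
            continue
        op, word = (token[0], token[1:]) if token[0] in "-!+" else ("", token)
        hits = [n for n, kw, _ in CIPHERS if word == n or word in kw]
        if op == "!":
            killed.update(hits)  # later tokens can never bring these back
        if op in ("-", "!"):
            chosen = [n for n in chosen if n not in hits]
        elif op == "+":
            moved = [n for n in chosen if n in hits]
            chosen = [n for n in chosen if n not in hits] + moved
        else:  # bare token: append new matches; listed ones keep their rank
            chosen += [n for n in hits if n not in chosen and n not in killed]
    return chosen

# The post's string with every group on: "-AES" drops AES out of HIGH, so the
# named AES suites land behind 3DES and RC4 when they are added back.
POSTED = "HIGH:MEDIUM:LOW:EXP:!IDEA:!ADH:-AES:AES256-SHA:DHE-RSA-AES256-SHA:AES128-SHA:"
# Same suites, AES named first so it heads the client's preference order.
PREFERRED = "AES256-SHA:DHE-RSA-AES256-SHA:AES128-SHA:HIGH:MEDIUM:LOW:EXP:!IDEA:!ADH"

if __name__ == "__main__":
    for label, spec in (("posted", POSTED), ("AES first", PREFERRED)):
        print(f"{label:>9}: {' > '.join(cipher_list(spec))}")
```

`openssl ciphers -v '<string>'` prints the order the real library derives from a string, so the two constants above can be checked against it. The server still makes the final choice, and one configured with SSL_OP_CIPHER_SERVER_PREFERENCE picks by its own order regardless of what the client sends first.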