Hi, Thanks for the reply.> > Urjit, > > > > I got it working once I replaced > > "EXP-DES-CBC-SHA" with > > "DES-CBC-SHA" > > > > I think you might have to do something special to > > enable export quality ciphers. > > > > They can place restrictions on the size of the RSA key used for kex exchange. > That means that if the key in the certificate is larger than the limit a > temporary RSA key is used instead. You need to supply that. > Well ... In that case, A] how is it that s_server and s_client can communicate 1) Using the same ssl library 2) Using the same certificates 3) Using the same cipher suits
B] How is it that my sample_client connects to s_server using "EXP-DES-CBC-SHA" ? Does this mean that ristrictions are applied only at the server side? Or is it just that the server is the first one to process the certificate and fails to do so due to different RSA key size, and s_server somehow manages to handle exportable cipher suite and the presented certificate (?) ? Another question is: Is it only the key size restrictions or something else as well, that is different between EXP-DES-CBC... and DES-CBC... ? Also, what are the general scenarios when one would prefer an exportable cipher suite over non-exportable cipher suits? > Steve. ~ Urjit DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
