> Well ... In that case,
> A] how is it that s_server and s_client can communicate
> 1) Using the same ssl library
> 2) Using the same certificates
> 3) Using the same cipher suites

You mean can't, don't you? That is because the SSL protocol itself is different in the export case. As Steve mentioned, there is an additional key exchange stage, kex, in the case of export ciphers.

[Urjit]: Nops. I mean that they can! And that's why I am confused. Not just that, but even my sample client can connect to the s_server with the same certificate and the same cipher suite.

>
> B] How is it that my sample_client connects to s_server using
> "EXP-DES-CBC-SHA"? Does this mean that restrictions are applied only at the
> server side? Or is it just that the server is the first one to process the
> certificate and fails to do so due to different RSA key size, and s_server
> somehow manages to handle exportable cipher suite and the presented
> certificate (?) ?

In fact I commented out your client cert stuff. Server is king in SSL. :-) Client hardly matters.

[Urjit]: Oh yes. I got confused a little earlier.