You urself answered it just now! :-) The client doesn't matter, so you can connect to s_server...
--- Urjit Gokhale <[EMAIL PROTECTED]> wrote: > > Well ... In that case, > > A] how is it that s_server and s_client can > > communicate > > 1) Using the same ssl library > > 2) Using the same certificates > > 3) Using the same cipher suits > > You mean can't , don't u? That is bcoz SSL protocol > itself is different in the export case. As Steve > mentioned there is an additional key exchange stage, > kex in the case of export ciphers. > > [Urjit]: Nops. I mean that they can! and thats why I > am confused. Not just > that, but even my sample client can connect to the > s_server with same > certificate and same cipher suite > > > > > B] How is it that my sample_client connects to > > s_server using > > "EXP-DES-CBC-SHA" ? Does this mean that > ristrictions > > are applied only at the > > server side? Or is it just that the server is the > > first one to process the > > certificate and fails to do so due to different > RSA > > key size, and s_server > > somehow manages to handle exportable cipher suite > > and the presented > > certificate (?) ? > > In fact I commented out ur client cert stuff. Server > is king in SSL. :-) Client hardly matters. > > [Urjit]: Oh yes. I got confused a little earlier. > > > > DISCLAIMER > ========== > This e-mail may contain privileged and confidential > information which is the property of Persistent > Systems Pvt. Ltd. It is intended only for the use of > the individual or entity to which it is addressed. > If you are not the intended recipient, you are not > authorized to read, retain, copy, print, distribute > or use this message. If you have received this > communication in error, please notify the sender and > delete all copies of this message. Persistent > Systems Pvt. Ltd. does not accept any liability for > virus infected mails. > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
