On Fri, Jul 14, 2006, Marek Marcola wrote:

> Hello,
>
> > > Well ... In that case,
> > > A] how is it that s_server and s_client can
> > > communicate
> > > 1) Using the same ssl library
> > > 2) Using the same certificates
> > > 3) Using the same cipher suites
> >
> > You mean can't, don't you? That is because SSL protocol
> > itself is different in the export case. As Steve
> > mentioned there is an additional key exchange stage,
> > kex in the case of export ciphers.
> >
> > [Urjit]: Nops. I mean that they can! and that's why I am confused. Not just
> > that, but even my sample client can connect to the s_server with same
> > certificate and same cipher suite
> SSL protocol differs in server_key_exchange packet
> (which may be used not only for export restriction).
> This requires temporary RSA key in context.
> If you add to server initialization routine something like:
>     RSA *rsa;
>     rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
>     if (!SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
>         ExitPostmaster(1);
>     }
>     RSA_free(rsa);
> your code will work.
>

Which I might add s_server sets up automatically which explains why
connecting to s_server works...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
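
Added example, not part of the original messages and not OpenSSL code: a simplified C model of the rule discussed in this thread, showing why a server without a temporary RSA key cannot complete an export-RSA handshake while s_server can. All function and enum names are hypothetical; it assumes OpenSSL-style suite names (EXP- for the 512-bit limit, EXP1024- for the 1024-bit limit) and takes the certificate key size as a parameter.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this models the rule, it does not call OpenSSL. */
enum hs_result {
    HS_OK_CERT_KEY,        /* certificate key used directly, no tmp key needed */
    HS_OK_TMP_RSA_IN_SKE,  /* temporary RSA key sent in server_key_exchange    */
    HS_FAIL_NO_TMP_RSA     /* export suite needs a tmp RSA key, none usable    */
};

static int has_prefix(const char *s, const char *p) {
    return strncmp(s, p, strlen(p)) == 0;
}

/* Max RSA key size (bits) allowed for key exchange by an OpenSSL-style
 * export suite name, or 0 if the suite does not use export RSA key exchange. */
int export_rsa_limit(const char *suite) {
    int limit;
    const char *rest;
    if (has_prefix(suite, "EXP1024-")) { limit = 1024; rest = suite + 8; }
    else if (has_prefix(suite, "EXP-")) { limit = 512; rest = suite + 4; }
    else return 0;
    /* Export DH and Kerberos suites need other material, not a tmp RSA key. */
    if (has_prefix(rest, "EDH-") || has_prefix(rest, "DHE-") ||
        has_prefix(rest, "ADH-") || has_prefix(rest, "KRB5-"))
        return 0;
    return limit;
}

/* cert_bits: size of the server certificate's RSA key.
 * tmp_rsa_bits: size of the key given to the context, 0 if none was set. */
enum hs_result server_outcome(const char *suite, int cert_bits, int tmp_rsa_bits) {
    int limit = export_rsa_limit(suite);
    if (limit == 0 || cert_bits <= limit)
        return HS_OK_CERT_KEY;
    if (tmp_rsa_bits > 0 && tmp_rsa_bits <= limit)
        return HS_OK_TMP_RSA_IN_SKE;
    return HS_FAIL_NO_TMP_RSA;
}

int main(void) {
    /* Constructed cases: a 1024-bit certificate with and without a 512-bit tmp key. */
    printf("no tmp key:  %d\n", server_outcome("EXP-RC4-MD5", 1024, 0));
    printf("512-bit tmp: %d\n", server_outcome("EXP-RC4-MD5", 1024, 512));
    printf("non-export:  %d\n", server_outcome("RC4-MD5", 1024, 0));
    return 0;
}
```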