Hi there, Marek, hope you're reading this mail.

I am hitting a strange problem with OpenSSL. Recently I migrated from OpenSSL-0.9.8a to OpenSSL-0.9.8d. From the release notes, I see that some fixes have gone into the cipher selection logic of OpenSSL. Now, for the same CLIENT HELLO message (same as in no difference in cipher order or SSL version from IE), OpenSSL-0.9.8d selects a DH cipher suite when RC4-MD5, DES, 3DES and AES are sent ahead of this DH in the client hello.

Now my question is simple.

1. Is this behaviour restricted only to OpenSSL-0.9.8d, or does it affect other versions as well?
2. Why does this happen? Kind of an attack, as a weak suite is negotiated.
3. When will a DH be selected by the server?

Note: cipher selection priority is pointing to the server (coded that way in the application).

This is really strange and I hope to get some inputs. Marek, I would appreciate your reply.

Thanks
--Gayathri
Intoto Inc.

OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
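
As an added illustration (not part of the original message and not OpenSSL code), here is a simplified Python model of what server-side cipher priority means for the situation described: with server preference enabled, the order in the client hello does not decide the outcome. The function name `choose_cipher`, the suite lists and the "DHE-"/"EDH-" prefix test are assumptions constructed for this example, and the model does not account for any difference between the two OpenSSL versions.

```python
# Simplified model of server-side cipher-suite selection (not OpenSSL source).
# All suite lists below are constructed sample data.

def choose_cipher(client_offer, server_list, server_preference, have_dh_params=True):
    """Return the suite a server would pick, or None if nothing is shared.

    server_preference=True models SSL_OP_CIPHER_SERVER_PREFERENCE: the
    server's own ordering decides and the client's ordering is ignored.
    """
    if server_preference:
        priority, allowed = server_list, set(client_offer)
    else:
        priority, allowed = client_offer, set(server_list)
    for suite in priority:
        if suite not in allowed:
            continue
        # Ephemeral-DH suites are usable only when the server has DH
        # parameters configured. Assumption of this model: such suites
        # are recognised by a "DHE-" or "EDH-" name prefix.
        if suite.startswith(("DHE-", "EDH-")) and not have_dh_params:
            continue
        return suite
    return None

# Constructed client hello: the DH suite is offered last.
CLIENT_HELLO = ["RC4-MD5", "RC4-SHA", "DES-CBC3-SHA", "AES128-SHA",
                "DHE-RSA-AES128-SHA"]
# Constructed server configuration: DH suites are listed first.
SERVER_ORDER = ["DHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA",
                "DES-CBC3-SHA", "RC4-SHA", "RC4-MD5"]

if __name__ == "__main__":
    for pref in (False, True):
        picked = choose_cipher(CLIENT_HELLO, SERVER_ORDER, server_preference=pref)
        print("server_preference=%s -> %s" % (pref, picked))
```

Comparing the output for both settings against the server's configured cipher string is a quick way to tell whether a surprising negotiation result comes from the server's own ordering rather than from the client hello.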