Hello,

> I have some doubts regarding OpenSSL cipher algorithms and I was wondering if someone
> could help me with that.
>
> 1) If my understanding is correct, the client sends the list of supported cipher
> algorithms and the server will choose one algorithm of such list in order to establish
> the secure channel. Is there some priority for the algorithms? For instance, will it
> favor AES in lieu of DES whenever supported by the client? Or is the algorithm chosen randomly?

The client should send its most favorite cipher first. But, of course, the server makes the final decision. The client's order of cipher_suites in client_hello is only a hint for the server.

> 2) How is the symmetric key negotiated in OpenSSL? Does it use Diffie-Hellman or
> RSA? Or does it vary depending on client request? If the second, what is used if client
> supports both?

The key exchange method is dependent on the chosen ciphersuite. Look at:

$ openssl ciphers -v

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
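
The two answers above, as an added example that is not part of the original message and is not OpenSSL code: a small model of how the server's choice follows either the client's order or its own, and how the key exchange then falls out of the chosen suite. The function names are hypothetical, and SAMPLE is constructed in the column layout that `openssl ciphers -v` prints.

```python
# Added illustration: a model of server-side cipher suite selection, not OpenSSL code.
# SAMPLE is constructed, laid out like the output of `openssl ciphers -v`.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA          SSLv3   Kx=DH   Au=RSA Enc=AES(128)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
"""


def parse_ciphers(text):
    """Map suite name -> attributes such as {'Proto': ..., 'Kx': ..., 'Enc': ...}."""
    suites = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        attrs["Proto"] = fields[1]
        suites[fields[0]] = attrs
    return suites


def negotiate(client_offer, server_config, server_preference=False):
    """Return the first mutually supported suite, or None (no shared cipher).

    server_preference=False: walk the client's list, so its order acts as the hint.
    server_preference=True: walk the server's list, the behaviour a server gets
    when it sets SSL_OP_CIPHER_SERVER_PREFERENCE.
    """
    if server_preference:
        ordered, other = server_config, client_offer
    else:
        ordered, other = client_offer, server_config
    allowed = set(other)
    return next((name for name in ordered if name in allowed), None)


def key_exchange(suite, table):
    """Key exchange (Kx column) implied by the negotiated suite."""
    return table[suite]["Kx"] if suite else None


if __name__ == "__main__":
    table = parse_ciphers(SAMPLE)
    client = ["DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384"]
    server = ["ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-SHA", "AES128-SHA"]
    for pref in (False, True):
        chosen = negotiate(client, server, server_preference=pref)
        print(f"server_preference={pref}: {chosen} Kx={key_exchange(chosen, table)}")
```

With the constructed lists, following the client's order lands on AES128-SHA (RSA key exchange), while enforcing the server's order picks the ECDHE suite, which is why a server that cares about the outcome pins its own ordering.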