On 5/15/08, PoWah Wong <[EMAIL PROTECTED]> wrote:
> Use TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA) to replace
> SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5)
> and TLS_DH_anon_WITH_AES_256_CBC_SHA (ADH-AES256-SHA) to replace
> SSL_DH_anon_WITH_RC4_128_MD5 (ADH-RC4-MD5), right?

I'm not clear on what your goal is, but if you are writing both the
client and server applications that communicate only with each other
then you would be fine supporting only specific cipher suites such as
AES, but if you are writing only one end of it (client or server),
then be aware that AES is not compatible with RC4, so your application
would need to support at least one of the cipher suites which the
other end requires.

In the latter case, if your application supports both AES and RC4, and
if the other end supports AES, the SSL handshake negotiation will
select the better cipher, AES, and if the other end only supports RC4
then it will be selected instead.

-Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
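
The selection behaviour described in the reply above, as an added example that is not part of the original thread and not OpenSSL's own code: a simplified model of how a server picks one suite from the two ends' lists. The function names and sample lists are constructed for illustration; the last two calls show that list order, not cipher strength, decides the result.

```python
# Added example: a model of TLS cipher-suite selection, not OpenSSL source.
# Suite names are the OpenSSL names quoted in the thread; the lists are constructed.

class HandshakeFailure(Exception):
    """Raised when the two ends share no cipher suite."""


def negotiate(client_offer, server_enabled, server_preference=False):
    """Return the suite a server would pick for this ClientHello.

    client_offer      -- suites in the client's preference order
    server_enabled    -- suites in the server's preference order
    server_preference -- False: walk the client's order (OpenSSL's default);
                         True: walk the server's order, as when
                         SSL_OP_CIPHER_SERVER_PREFERENCE is set
    """
    if server_preference:
        ordered, other = server_enabled, set(client_offer)
    else:
        ordered, other = client_offer, set(server_enabled)
    for suite in ordered:
        if suite in other:
            return suite
    raise HandshakeFailure("no shared cipher suite")


def try_negotiate(*args, **kwargs):
    """Like negotiate(), but return None instead of raising."""
    try:
        return negotiate(*args, **kwargs)
    except HandshakeFailure:
        return None


if __name__ == "__main__":
    both = ["AES256-SHA", "RC4-MD5"]                    # application supporting both
    print(negotiate(both, ["AES256-SHA"]))              # peer with AES only
    print(negotiate(both, ["RC4-MD5"]))                 # peer with RC4 only
    print(try_negotiate(["AES256-SHA"], ["RC4-MD5"]))   # disjoint lists: failure
    # A client that lists RC4 first gets RC4 from a server that enables both,
    # unless the server enforces its own order.
    rc4_first = ["RC4-MD5", "AES256-SHA"]
    print(negotiate(rc4_first, both))
    print(negotiate(rc4_first, both, server_preference=True))
```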
