On Thu, Mar 18, 2010, Vishal Rao wrote:

> On 18 March 2010 10:09, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
> > It is always enabled, no special compilation flags required.
> >
> > Applications have to enable NULL ciphers explicitly at runtime. Do not
> > recompile with a broken DEFAULT cipher list, just configure applications
> > that know what they are doing to use NULL ciphers by specifying a
> > suitable cipherlist.
>
> Which version of OpenSSL are you talking about? An older one than
> 0.9.8g or the latest?
>
> The one I tried (098g) the READMEs say "its disabled by default" and needs to be
> enabled via a configuration flag while compiling it.
>
> I'm using the ACE toolkit's ACE_SSL module (for SSL sockets support) which
> depends on OpenSSL and it only "seems to work" when I do this manual
> source edit.
>
> I don't see any API/option in ACE_SSL to "enable NULL cipher" and the fact that
> it "starts working" for me when I just rebuild the OpenSSL library
> with my change
> leads me to ask this question.

There was an option which was required long ago.

> Any tips on how I might peek under the hood to see what ACE_SSL is doing that
> does not work unless I change the OpenSSL build?

The application needs a runtime configuration option to set an alternative
cipherlist. The functions SSL_CTX_set_cipher_list() and SSL_set_cipher_list()
do this.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
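An added example, not part of the original thread: a way to check which cipher strings select no-encryption (NULL) suites in the OpenSSL build at hand, without recompiling the library. It uses Python's `ssl` module, whose `SSLContext.set_ciphers()` hands the string to OpenSSL's `SSL_CTX_set_cipher_list()`; the function names `null_suites` and `audit` are made up for this example.

```python
import ssl


def null_suites(cipher_string):
    """Return the names of the suites selected by cipher_string that
    provide no encryption (0 secret bits).

    An empty list means the string selects no NULL suites, or that this
    OpenSSL build rejected the string because nothing matched it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Same cipher-list syntax that SSL_CTX_set_cipher_list() accepts.
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    # get_ciphers() describes every suite the context now allows;
    # NULL-encryption suites report strength_bits == 0.
    return [c["name"] for c in ctx.get_ciphers() if c["strength_bits"] == 0]


def audit(cipher_strings):
    """Map each candidate cipher string to the NULL suites it enables."""
    return {s: null_suites(s) for s in cipher_strings}


if __name__ == "__main__":
    print("linked against:", ssl.OPENSSL_VERSION)
    # Constructed sample inputs: the library's stock list and an
    # explicit request for the NULL suites.
    for cipher_string, names in audit(["DEFAULT", "eNULL"]).items():
        state = ", ".join(names) if names else "no NULL suites"
        print(f"{cipher_string!r}: {state}")
```

Running the same check against the cipher string an application is configured with shows whether it has opted in to unencrypted suites at runtime.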