> -----Original Message-----
> From: Victor Duchovni
>
> On Mon, Dec 06, 2010 at 11:36:01AM -0600, Mike Brennan wrote:
>
> > It seems that OpenSSL doesn't always obey the server's priority
>
>       s/doesn't always obey/never by default obeys/
>
> > ordered list of ciphers (set with SSL_set_cipher_list()), even when
> > that list is syntactically correct, when the ciphers are available,
> > and when the client capabilities don't constrain the choice.
>
> By default the server respects the client's priority. If you want
> the server to pre-empt the client's preference list, try:
>
> SSL_CTX_set_options(3) or SSL_set_options(3):
>
>       SSL_OP_CIPHER_SERVER_PREFERENCE

Apache also has an option for activating this: SSLHonorCipherOrder


HTH,
Patrick Eisenacher
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
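
Added example, not part of the original thread and not OpenSSL's own code: a simplified C model of the selection rule described above, showing why the negotiated suite changes once SSL_OP_CIPHER_SERVER_PREFERENCE is set. The cipher lists and the names choose_cipher, first_shared and sample_choice are constructed for illustration; the model ignores certificate type, protocol version and other filtering that a real handshake applies.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the server-side choice, NOT OpenSSL source.
 * In a real server the switch is the call named in the thread:
 *   SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); */

/* Walk `prio` in order and return the first suite also present in `allow`. */
static const char *first_shared(const char *const *prio, size_t nprio,
                                const char *const *allow, size_t nallow)
{
    for (size_t i = 0; i < nprio; i++)
        for (size_t j = 0; j < nallow; j++)
            if (strcmp(prio[i], allow[j]) == 0)
                return prio[i];
    return NULL; /* no shared cipher: the handshake would fail */
}

/* server_pref models SSL_OP_CIPHER_SERVER_PREFERENCE being set (1) or not (0). */
const char *choose_cipher(const char *const *client, size_t nclient,
                          const char *const *server, size_t nserver,
                          int server_pref)
{
    return server_pref ? first_shared(server, nserver, client, nclient)
                       : first_shared(client, nclient, server, nserver);
}

/* Constructed sample lists: the client offers its weakest suite first,
 * the server is configured strongest first. */
static const char *const SAMPLE_CLIENT[] = { "RC4-SHA", "AES128-SHA", "AES256-SHA" };
static const char *const SAMPLE_SERVER[] = { "AES256-SHA", "AES128-SHA", "RC4-SHA" };

const char *sample_choice(int server_pref)
{
    return choose_cipher(SAMPLE_CLIENT, 3, SAMPLE_SERVER, 3, server_pref);
}

int main(void)
{
    printf("default (client order): %s\n", sample_choice(0));
    printf("server preference set:  %s\n", sample_choice(1));
    return 0;
}
```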
