> From: owner-openssl-us...@openssl.org On Behalf Of Gauri Kshirsagar
> Sent: Tuesday, 03 May, 2011 05:37

> I have built an SIP test application using openssl. I am trying
> to restrict the ciphers sent by this application in Client Hello
> to those with only RSA key exchange.
> Is there a way to configure it in OpenSSL?
> I tried to compile the source code with SSL_DEFAULT_CIPHER_LIST
> set to "RSA:!aNULL:!eNULL:+RC4:@STRENGTH" in ssl.h.

!aNULL after (only) RSA is a no-op.

> When I run openssl ciphers -v the ciphers listed are just those with RSA,
> C:\Openssl_src\openssl-0.9.8f\openssl-0.9.8f\out32dll>openssl.exe ciphers -v
<snip>
> but when I build the application using these new libraries
> the application still sends all the ciphers as shown below
<snip>

1. Make sure the application *runs* with your modified DLL(s). On Unix the equivalent is explicit, but IME most Windows versions formerly tried the executable's directory first and then PATH but recent Windows security patches apparently changed this.

2. The default is only the default. If the application calls SSL_[CTX_]set_cipher_list that overrides. Unless you have a reason to make this change across your entire system (or network) it's usually better for each application to configure its own cipherlists than have 3 or 5 or 20 different OpenSSLs.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
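
An added example, not part of the original message or of the OpenSSL project's code, of an application configuring its own cipher list as point 2 recommends, and checking the result before connecting. It uses Python's `ssl` module, whose `set_ciphers()` wraps `SSL_CTX_set_cipher_list()`; the `kRSA` cipher string, the TLS 1.2 cap and the helper names are assumptions made for this example.

```python
import ssl

# Assumption: "kRSA" is the OpenSSL cipher-string keyword for RSA key exchange.
RSA_KX_ONLY = "kRSA:!aNULL:!eNULL:@STRENGTH"


def make_client_context(cipher_string=None):
    """Build a client context; cipher_string=None keeps the library default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cipher_string is not None:
        # Per-application override of the compiled-in default list.
        # Raises ssl.SSLError if the string selects no cipher at all.
        ctx.set_ciphers(cipher_string)
        # TLS 1.3 suites are not governed by this list, so cap the
        # protocol at TLS 1.2 to keep them out of the ClientHello.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_suites(ctx):
    """Return (name, key exchange) for every TLS <= 1.2 suite in the context."""
    return [(c["name"], c["kea"])
            for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def non_rsa_kx(ctx):
    """Names of TLS <= 1.2 suites whose key exchange is not plain RSA."""
    return [name for name, kea in legacy_suites(ctx) if kea != "kx-rsa"]


if __name__ == "__main__":
    default_ctx = make_client_context()
    restricted_ctx = make_client_context(RSA_KX_ONLY)
    print("default list, non-RSA key exchange suites:",
          len(non_rsa_kx(default_ctx)))
    print("restricted list:")
    for name, kea in legacy_suites(restricted_ctx):
        print("  %-28s %s" % (name, kea))
    print("non-RSA suites left after restriction:",
          non_rsa_kx(restricted_ctx))
```

The same check applies to point 1: if the listing printed by the running application differs from what the rebuilt library should produce, the process is loading a different OpenSSL.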