Hi there, I'm using OpenSSL to do some research and I have found some strange behaviors in the certificate exchange on the client side.

The cipher suite is set to "AES128-SHA" on both the server and client side, which I think should only use and exchange an RSA key and certificate. But when the client side doesn't contain the RSA key and certificate, it will just give the server the DSA certificate and the connection can be established successfully.

The cipher suite is set to "DHE-DSS-AES128-SHA" on both the server and client side, which I think should only use and exchange a DSA key and certificate. But when the client side contains both the RSA and the DSA key and certificate, it will give the server the RSA certificate instead of the DSA certificate and the connection can be established successfully. If the client side doesn't contain the RSA key and certificate, it will then give the server the DSA certificate and the connection can also be established successfully.

However, it will just return a "no shared cipher" error on the server side when the configured cipher suite doesn't match what the server contains, e.g. the cipher suite is "AES128-SHA" but the server only contains a DSA key and certificate.

I just don't know whether this is correct behavior. It would be appreciated if someone could help me explain this issue. Thank you very much in advance!

Regards,
-Yijun Wu