On 25.10.2014 13:55, Jaya Nageswar wrote:

2. In general, if we have the SSLv23 protocol at both client and server, how
does the protocol negotiation happen? I have been reading that the
client sends a client_hello message along with the other protocols
supported and the cipher suites. The server then sends its supported
protocols/cipher suites and selects the highest protocol supported by
client and server in that order. Is my understanding correct?

The client sends in the client_hello the highest SSL/TLS version it supports and a list of supported cipher suites. The server selects the highest protocol version compatible with the client's abilities and selects one of the cipher suites that the client offers and the server supports too. In older OpenSSL versions the server selects the first cipher suite in the list offered by the client, i.e. the client has a strong influence on which cipher suite is selected. In newer OpenSSL versions (don't ask me which ones, maybe it's even only a proposal for future OpenSSL versions) AFAIR there is a possibility that the server uses some other rules for selecting a cipher suite (I did a quick look for appropriate OpenSSL functions, but up to now I didn't find one which allows influencing the server as described before).
Best regards,
Richard
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
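The selection rules discussed in this thread, as an added model that is not code from the thread or from OpenSSL: the client announces its highest version and an ordered cipher list, the server picks the highest version it shares with the client, and the mutual cipher suite is chosen either by walking the client's list in order (the default Richard describes) or by walking the server's own list first (what OpenSSL's real `SSL_OP_CIPHER_SERVER_PREFERENCE` option enables on a context configured with `SSL_CTX_set_cipher_list`). The version table and both cipher lists are constructed sample data; the cipher names are standard OpenSSL names, but the ordering is deliberately chosen so a client that lists a weak suite first drags the session down to it unless the server enforces its own preference.

```python
"""Model of SSL/TLS version and cipher-suite negotiation (constructed example)."""
from typing import List, Optional, Tuple

# Protocol versions in ascending order of strength/preference (constructed table).
VERSION_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]

# Constructed sample offers. The client lists a weak suite (RC4) first on purpose
# to show why server-side preference matters; the server prefers forward secrecy.
CLIENT_MAX_VERSION = "TLSv1.2"
CLIENT_CIPHERS = ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
SERVER_VERSIONS = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
SERVER_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"]


def negotiate_version(client_max: str, server_versions: List[str]) -> Optional[str]:
    """Server picks the highest version it supports that does not exceed the
    client's announced maximum; None means no common version (handshake fails)."""
    client_rank = VERSION_ORDER.index(client_max)
    candidates = [v for v in server_versions if VERSION_ORDER.index(v) <= client_rank]
    if not candidates:
        return None
    return max(candidates, key=VERSION_ORDER.index)


def select_cipher(client_offer: List[str], server_list: List[str],
                  server_preference: bool = False) -> Optional[str]:
    """Pick the first mutual suite.

    server_preference=False: walk the client's list in the client's order
                             (the older OpenSSL behaviour described in the thread).
    server_preference=True:  walk the server's list in the server's order
                             (what SSL_OP_CIPHER_SERVER_PREFERENCE does in OpenSSL).
    """
    ordered, other = (server_list, client_offer) if server_preference \
        else (client_offer, server_list)
    other_set = set(other)
    for suite in ordered:
        if suite in other_set:
            return suite
    return None  # no shared cipher: handshake fails


def negotiate(client_max: str, client_ciphers: List[str],
              server_versions: List[str], server_ciphers: List[str],
              server_preference: bool = False) -> Optional[Tuple[str, str]]:
    """Full negotiation: (version, cipher) on success, None on handshake failure."""
    version = negotiate_version(client_max, server_versions)
    if version is None:
        return None
    suite = select_cipher(client_ciphers, server_ciphers, server_preference)
    if suite is None:
        return None
    return version, suite


if __name__ == "__main__":
    # Client-ordered selection lets the client's weak first choice win.
    print("client preference:", negotiate(CLIENT_MAX_VERSION, CLIENT_CIPHERS,
                                          SERVER_VERSIONS, SERVER_CIPHERS))
    # Server-ordered selection picks the server's strongest mutual suite instead.
    print("server preference:", negotiate(CLIENT_MAX_VERSION, CLIENT_CIPHERS,
                                          SERVER_VERSIONS, SERVER_CIPHERS,
                                          server_preference=True))
    # A client capped at TLSv1.0 cannot talk to a server that only offers TLSv1.2.
    print("no common version:", negotiate("TLSv1.0", CLIENT_CIPHERS,
                                          ["TLSv1.2"], SERVER_CIPHERS))
```

With the constructed lists above, client-ordered selection yields `RC4-SHA` while server-ordered selection yields `ECDHE-RSA-AES128-GCM-SHA256`; that difference is the practical reason to set server preference on a server whose cipher list is ordered strongest-first.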
