Re: How does cipher selection and TLS protocol negotiation interact

2012-06-16 Thread Dr. Stephen Henson
On Fri, Jun 15, 2012, Erik Forsberg wrote: > To answer my own question, seems the code that generates the > SSL_CIPHER_description() output does not make any difference between SSLv3, > TLSv1.0 > and TLSv1.1. Only TLSv1.2 is displayed as such. So in my case, I probably > did have a TLSv1 connectio

RE: How does cipher selection and TLS protocol negotiation interact

2012-06-15 Thread Erik Forsberg
that TLSv1 in the cipher string disables TLSv1.2 ciphers? I didn't expect that. >-- Original Message -- >Date: Fri, 15 Jun 2012 14:34:27 -0700 >From: "Erik Forsberg" >Subject: How does cipher selection and TLS protocol negotiation interact >To: openssl-users@openssl.org

How does cipher selection and TLS protocol negotiation interact

2012-06-15 Thread Erik Forsberg
I have a weird case that I cannot properly explain. Using OpenSSL 1.0.1c for both client and server, I was testing various combinations of ciphers and protocol version requests. Basically, the server uses SSLv23_server_method(). The client code uses SSLv23_client_method() and SSL_OP_NO_SSLv2 Then

RE: Cipher selection

2010-08-17 Thread Tim Cloud
ell) -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob Bohm Sent: Monday, August 16, 2010 4:18 AM To: openssl-users@openssl.org Subject: Re: Cipher selection On 12-08-2010 18:03, Tim Cloud wrote: > Q: I am a bit confuse

Re: Cipher selection

2010-08-16 Thread Jakob Bohm
__ From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick [open...@morethan.org] Sent: Thursday, August 12, 2010 9:15 AM To: openssl-users@openssl.org Subject: Re: Cipher selection On Wed August 11 2010, Tim Cloud wrote: Let's pretend f

Re: Cipher selection

2010-08-13 Thread Alex Chen
and with the highest security, correct? For people that uses openssl right out of the box and does not any special cipher selection, if we use the same version of openssl on both ends I assume the cipher used in the connection will be the first one, DHE-RSA-AES256-SHA, right? Alex On Aug

Re: Cipher selection

2010-08-12 Thread Michael S. Zick
On Thu August 12 2010, Tim Cloud wrote: > > That is EXACTLY what I want to do. > But having a background as a SQL DBA, I have no idea how to do that. > Is there an easy answer? > The server will be running Windows 2003 32-Bit, and I just want to > compile it with only the FIPS compliant stro

RE: Cipher selection

2010-08-12 Thread Tim Cloud
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick [open...@morethan.org] Sent: Thursday, August 12, 2010 9:15 AM To: openssl-users@openssl.org Subject: Re: Cipher selection On Wed August 11 2010, Tim Cloud wrote: > Let'

RE: Cipher selection

2010-08-12 Thread Erik Tkal
owner-openssl-us...@openssl.org] On Behalf Of Tim Cloud Sent: Wednesday, August 11, 2010 11:14 PM To: openssl-users@openssl.org Subject: RE: Cipher selection Let's pretend for a moment that an out of the box application uses openssl to provide access not through a browser, but rather through a S

Re: Cipher selection

2010-08-12 Thread Michael S. Zick
; Behalf Of Kyle Hamilton [aerow...@gmail.com] > Sent: Wednesday, August 11, 2010 9:11 PM > To: openssl-users@openssl.org > Cc: Alex Chen > Subject: Re: Cipher selection > > No, OpenSSL chooses the cipher from the argument to > SSL[_CTX]_set_cipher_list(3ssl) called on the SSL

RE: Cipher selection

2010-08-11 Thread Tim Cloud
nssl-users@openssl.org Cc: Alex Chen Subject: Re: Cipher selection No, OpenSSL chooses the cipher from the argument to SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure. On 8/11/10 4:57 PM, Alex Chen wrote: > Does openssl choose the cipher from the pem file? If so, which s

Re: Cipher selection

2010-08-11 Thread Kyle Hamilton
No, OpenSSL chooses the cipher from the argument to SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure. On 8/11/10 4:57 PM, Alex Chen wrote: > Does openssl choose the cipher from the pem file? If so, which section of the > following pem file sets the cipher for communicat

Cipher selection

2010-08-11 Thread Alex Chen
Does openssl choose the cipher from the pem file? If so, which section of the following pem file sets the cipher for communication? Certificate: Data: Signature Algorithm: md5WithRSAEncryption Issuer: . Validity Not Before: ... Not After : ...

Cipher selection patch feedback?

2007-02-07 Thread Victor Duchovni
On Wed, Jan 31, 2007 at 01:27:23AM -0500, Victor Duchovni wrote: Any feedback? Will the patch be considered? I imagine Sun is not the first or last vendor to tinker with the algorithms they ship in libcrypto, and that having robust behaviour in libssl when they do so is a worthwhile goal. Making t

Re: SSL cipher selection in openssl

2002-05-25 Thread Lutz Jaenicke
On Fri, May 24, 2002 at 03:21:02PM -0700, Shyamal Kumar wrote: > In the openssl library code, I notice that the array of SSL_CIPHER > structures in s3_lib.c is what determines the order in which cipher > suites are searched when processing a client hello. Is that right? Would > this mean, that if

SSL cipher selection in openssl

2002-05-24 Thread Shyamal Kumar
Hi, In the openssl library code, I notice that the array of SSL_CIPHER structures in s3_lib.c is what determines the order in which cipher suites are searched when processing a client hello. Is that right? Would this mean, that if I want to give preference to DES-CBC-SHA over EDH-RSA-DES-CBC-SHA,