> > In sslsock.c, I print ssl3_CipherPrefSetDefault and I can see that my > cipher is not enabled. > > Do you have any hints/tests which could help me ? Some tests I could do ? > What am I missing ?
OK, this is your overall problem. If NSS does not have a cipher enabled, it will neither advertise it nor select it, no matter where it is on the list. There are two possible reasons for this: 1) New Ciphers are not enabled by default, you need to explicitly turn on that cipher in the application. (you can do this in selfserv and tstclnt with just by cipher suite number). Some applications query the available ciphers and turn them on automatically, others will need to be modified. 2) All ciphers are checked to make sure there is an implementation for the cipher (that is there is a PKCS #11 module that implements that cipher). If your PKCS #11 module is not loaded, the cipher will never be enabled. Since you got S/MIME to work, I'm presuming you have a PKCS #11 mechanism number for the cipher already and that mechanism is already implemented in some PKCS #11 module. > > I tried the tools in mozilla/security/nss/tests but the tests fail at > the beginning "Checking for build - FAILED". You need to actually build NSS first. Go to mozilla/security/nss, make nss_build_all. You'll need coreconf and nspr pulled. the full instructions and other caveats are on the website. > > Thanks in advance, > Gregory. > > > >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto