Philip Hazel wrote:
> On Tue, 29 Nov 2005, Daniel Tiefnig wrote:
>> {DHE-RSA-AES256-SHA}{!DHE-RSA-AES256-SHA:DES-CBC3-SHA}}
>
> Well, that works for me too, so maybe we should go with it. I don't
> think it's an underscore vs hyphen thing, because it works for me
> with both.
Of course I tried everything with underscores too... :o)
> I don't know much about this either, but the partial cipher suite
> names should be legal, according to the OpenSSL documentation that I
> quote in the reference manual (section 38.4 in the 4.60 edition). I
> wonder if something has changed in OpenSSL? Can you easily check the
> documentation for your version to see if it says anything about
> cipher suite names?
Sure. The changelog doesn't seem to contain anything relating to this,
and the documentation snippet you mentioned remained unchanged so far. I
think you can try whether there was a change with the s_client command.
For me, with openssl 0.9.8, it says:
[EMAIL PROTECTED]:~$ openssl s_client -cipher RSA-AES256
error setting cipher list
[EMAIL PROTECTED]:~$ openssl s_client -cipher DHE-RSA-AES256-SHA
connect: Connection refused
But also:
[EMAIL PROTECTED]:~$ openssl s_client -cipher RSA
connect: Connection refused
[EMAIL PROTECTED]:~$ openssl s_client -cipher SHA
connect: Connection refused
[EMAIL PROTECTED]:~$ openssl s_client -cipher AES256-SHA
connect: Connection refused
lg,
daniel
--
## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details
at http://www.exim.org/ ##
