On Fri, 24 May 2002, Brian McGrogan wrote:
> I can replicate the problem using this (openssl-0.9.6d) :
>
> [root@localhost src]# openssl s_client -connect example.com:50855
> -cipher RC4-MD5 -showcerts
[SNIP]
>
> Yet, I can establish an SSL connection using this method:
>
> [root@localhost src]# openssl s_client -connect example.com:50855 -ssl3
[SNIP]

Hmmm... the -ssl3 switch works, but -cipher RC4-MD5 doesn't.

The -ssl3 switch causes OpenSSL to force the use of TLSv1 or SSLv3 instead of auto-negotiating between TLSv1, SSLv3 and SSLv2. The -cipher switch changes which encryption/decryption cipher you're using, which isn't quite the same thing.

Looking at the source for the openssl program (in the apps/s_client.c source file) I see that -ssl3 uses the SSLv3_client_method() method, whereas if you don't specify that switch, it defaults to the SSLv23_client_method() (which is what we use in TN5250)

If you specify both the -ssl3 switch and the other options, does it work? That would imply that you need to use the SSLv3_client_method().

If you're building TN5250 from source, you could do a quick test by editing src/sslstream.c, searching for 'SSLv23_client_method' and changing it to 'SSLv3_client_method', then recompile and try it out...

If that works, let me know. I could add a ssl_method config keyword, so people can set whichever SSL method works best for them...

_______________________________________________
This is the Linux 5250 Development Project (LINUX5250) mailing list
Archives: http://archive.midrange.com/linux5250
