1. Why aren't all TLS ciphers listed http://mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1084747? E.g., TLS_DHE_RSA_WITH_AES_256_CBC_SHA is not on the list...
2. Also why are they at lot more ciphers listed in sslproto.h than listed in aforementioned API doc list, or even listed in sslenum.c, especially under the listing of "SSL v3 Cipher Suites" and "New TLS Cipher Suites"? 3. Do the FORTEZZA ciphers require the use of special hardware/token for key gen? -- POC "Nelson B. Bolyard" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Patrick wrote: > > > > When I call SSL_CipherPrefSetDefault with: > > cipher = SSL_RSA_EXPORT_WITH_DES40_CBC_SHA > > enabled = 1 > > I get the NSS error: "An unknown SSL cipher suite has been requested" > > Why? > > Because NSS does not implement any of the DES40 ciphersuites. > > > I don't have that problem with any other cipher listed on page > > http://mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1084747 > > You have found an error on that page. > That ciphersuite should not be listed on that page. > > The list of implemented ciphersuites that is most trustworthy is found at > http://lxr.mozilla.org/mozilla/source/security/nss/lib/ssl/sslenum.c#43 > > This is the same list your program would find if your program used the > list of supported ciphersuites declared in ssl.h. > > > -- POC > > > -- > Nelson Bolyard Netscape Communications (subsidiary of AOL) > Disclaimer: I speak for myself, not for Netscape
