Hi,
I have just finished a first patch for the cipher selection and sorting
improvements, especially for 56bits.
It features a separate long int for "export state" and cipher strength.
I have also made some small changes to make the use of the SSL_IS_EXPORT...
and SSL_C_IS_EXPORT... etc macros more consistent.
By now only the SSL_C_... macros are called.
A doc/ssl_ciph has been added containing a "manual page"-like description
of ssl_create_cipher_list(), with a description of the
control string.
Important things to do:
- Have the alg_bits and use_bits on the new TLSv1 ciphers checked.
- Check SSL_EXPORT_KEYLENGTH macro, whether SSL_IS_EXPORT40 is really
wanted here.
- Think about the handling of cipher_list and cipher_list_by_id in case
of trouble. First a pointer is assigned and in case of error it is
freed without resetting the pointer to NULL (cipher_list) while the
copy is kept (cipher_list_by_id)...
- Go through ssl_create_cipher_list and put in-code comments to make
life easier for the next volunteer and to not waste what I have learned
in between.
The patch is against openssl-SNAP-19991101, because this is what I just
downloaded. It did work quite well with s_server and s_client, but failed when
testing in practice with a
2311:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:615:Expecting:
X509 CRL:
Anyway, the patch applies and works cleanly with openssl-0.9.4.
Brave people interested in the 56bit stuff can download the patch at
ftp://ftp.aet.tu-cottbus.de/pub/postfix_tls/related/openssl-patch/
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
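
The to-do item above about cipher_list and cipher_list_by_id describes an error path that frees a pointer already stored in the structure while its copy stays in place. The following C code is an added example, not part of the original message or of the OpenSSL patch; it shows one way to avoid that state by building both lists in locals and committing them only on success. The names struct list_owner, set_cipher_lists and fail_after_first are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the structure holding both lists; not OpenSSL's own type. */
struct list_owner {
    int *cipher_list;        /* preference-ordered list */
    int *cipher_list_by_id;  /* copy of the same entries, sorted by id */
};

static int cmp_int(const void *a, const void *b)
{
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/*
 * Build both lists in locals and publish them only when every step succeeded.
 * On any error the owner's pointers keep their previous values (NULL or the
 * old lists), so no freed pointer stays reachable and the two lists cannot
 * get out of step. fail_after_first is a constructed switch that forces the
 * error path between the two allocations.
 */
int set_cipher_lists(struct list_owner *o, const int *ids, size_t n,
                     int fail_after_first)
{
    int *list = NULL, *by_id = NULL;

    if (n == 0 || (list = malloc(n * sizeof *list)) == NULL)
        return 0;
    memcpy(list, ids, n * sizeof *list);

    if (fail_after_first || (by_id = malloc(n * sizeof *by_id)) == NULL) {
        free(list);          /* local only: nothing dangling in *o */
        return 0;
    }
    memcpy(by_id, list, n * sizeof *by_id);
    qsort(by_id, n, sizeof *by_id, cmp_int);

    free(o->cipher_list);    /* success: release the old pair, commit the new one */
    free(o->cipher_list_by_id);
    o->cipher_list = list;
    o->cipher_list_by_id = by_id;
    return 1;
}
```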