> Probably ADH ciphers should be automatically excluded if
> SSL_VERIFY_PEER is set. SSL_VERIFY_PEER usually means that the
> application *wants* the handshake to fail unless the peer can be
> authenticated; they should never set SSL_VERIFY_PEER if they
> want anonymous ciphers.

Not true. SSL_VERIFY_PEER means that the application is requesting
the peer to send a certificate (if possible). Only if
SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set does a certificate become required.
Anonymous ciphers should be excluded if
SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set but not if only SSL_VERIFY_PEER
is set.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
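
The rule argued in the reply above, as an added example that is not part of the original message or of OpenSSL itself. It uses Python's `ssl` wrapper around OpenSSL and takes the server's side; `cipher_string_for`, `server_context` and `anonymous_suites` are hypothetical helper names.

```python
import ssl

# Python's ssl module maps its verify modes onto the OpenSSL flags discussed
# in the thread:
#   ssl.CERT_NONE     -> SSL_VERIFY_NONE
#   ssl.CERT_OPTIONAL -> SSL_VERIFY_PEER
#   ssl.CERT_REQUIRED -> SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT

ANON_PREFIXES = ("ADH-", "AECDH-")  # OpenSSL names of anonymous DH/ECDH suites


def cipher_string_for(verify_mode, base="ALL"):
    """Hypothetical helper: append !aNULL only when a peer certificate is
    required, leaving the caller's list alone for request-only verification."""
    if verify_mode == ssl.CERT_REQUIRED:
        return base + ":!aNULL"
    return base


def server_context(verify_mode, base="ALL"):
    """Hypothetical helper: server-side context with the rule applied."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = verify_mode
    ctx.set_ciphers(cipher_string_for(verify_mode, base))
    return ctx


def anonymous_suites(ctx):
    """Names of anonymous suites still enabled on ctx."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["name"].startswith(ANON_PREFIXES)]


if __name__ == "__main__":
    # Request-only mode keeps the caller's list; required mode drops aNULL.
    for mode in (ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED):
        ctx = server_context(mode)
        print(mode.name, cipher_string_for(mode), anonymous_suites(ctx))
```

Whether any anonymous suites are listed in request-only mode also depends on the local OpenSSL build and its configured security level.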