Hi,
when running in server mode, I want to obtain a list of the ciphers the
client presented (for debugging purposes).
If did not miss anything (while reading the source and doing experiments
with s_server and s_client, this list is obtained by calling
SSL_get_shared_ciphers().
While this might give me what I want, the name of the function is a bit
misleading, isn't it?
- Is this behaviour intended?
- Should the the behaviour be changed (probably breaking existing code)?
To reproduce, call "openssl s_server -cipher DEFAULT:-DSS" and call
"openssl s_client -cipher DEFAULT", the server will still list the
DSS ciphers. Call "openssl s_client -cipher DEFAULT:-DSS" and the
server will not list them anymore, so what the server is going to list
_is_ the list of ciphers listed by the client, not the list of shared
ciphers. The last one would also include an evaluation of the available
certs, because this further restricts the available certificates, see
ssl3_choose_cipher().
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]