> > Perhaps a better place to put it in the client would be in
> > ssl_cipher_list_to_bytes() and for the server
> > ssl_bytes_to_cipher_list() as they appear to translator/filter
> > functions that are used in the appropriate places.
>
> That doesn't sound quite right, no - there is a place where a list of
> negotiable ciphers is assembled, but I can't remember where off the top
> of my head - somewhere in ssl/*.c - I guess that if that happens after
> the client cert has been handled, you could do it there.
The way I see it, the KRB5 ciphers need to be filtered out at the
location where the Client Hello message is both constructed in the
client and processed in the server. That is why I am looking at the
translation functions. If KRB5 can't possibly succeed, don't offer
them to the server or ignore them on the server.
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
