On Mon, Apr 22, 2002 at 09:21:01AM -0500, Kenneth R. Robinette wrote:
> What it comes down to is the application is using undefined methods
> to force the SSL cipher list to only contain RSA:NULL:MD5 in the
> client cipher list. However, by using these unsupported methods, the
> app is not calling SSL_CTX_set_cipher_list or any of the other common
> methods of setting the cipher list, which results in the ssl_digest-
> methods[] array not being initialized. Somehow this array must get
> initialized during OpenSSL dll setup, but so far I have not been able
> to track down where that is being done.
>
> When I use the correct method of setting the cipher list using
> SSL_CTX_set_cipher_list, everything works as it should, with both the
> dll's and the static link. However comments in the old code indicate
> problems in this area in older versions of OpenSSL, thus I guess the
> use of the unsupported methods.
>
> What would be the correct method to force the client cipher list to
> only contain RSA:NULL:MD5 that would work with all recent versions of
> OpenSSL?
What about SSL_CTX_set_cipher_list() :-)
Anyway: ssl_create_cipher_list() is responsible for initializing
ssl_digest_methods() via load_ciphers(). ssl_create_cipher_list() is
called from SSL_CTX_new() (in 0.9.7 and I would suspect in older versions,
too), so that I don't see why it should make a difference with respect
to dll setup...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
