> From: owner-openssl-...@openssl.org On Behalf Of stefano.cata...@gmail.com > via RT > Sent: Friday, January 10, 2014 03:53
> Hello, sorry for my poor english, i installed both 1.0.1e and 1.0.1f > version of openssl but in both versions the cipher > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA > does not exists. > That suite certainly does exist in OpenSSL and has for a long time. At least by default; you can probably exclude at build if you want. The OpenSSL names for some ephemeral DH suites are spelled EDH instead of DHE as in the standards. OpenSSL also spells [EC]DH_anon and 3DES differently in some cases and omits RSA for akRSA, and some noise words. There has been discussion of some changes to this coming. > I found only EDH-DSS-DES-CBC3-SHA so connections with explorer 8 and > cipher suite > That is indeed the OpenSSL name for the suite above. > "-ALL:AESGCM:ECDH:DH:-SSLv3:-AES256-GCM-SHA384:-AES128-GCM- > SHA256:TLSv1.2:3DES:SSLv3:-CAMELLIA:-aNULL:-eNULL:-EXP:-MD5:-PSK:- > LOW:-RC4:-SRP:-MEDIUM:-DES-CBC3-SHA" > > does not works. > Assuming you mean Internet Explorer 8, the only one I have is on an old XP SP3 box, and it successfully connects to 1.0.1e s_server using your cipherstring, with a DSA key&cert of course. I don't have f installed yet but I very much doubt it is different. Note that IE uses Windows (stunnel) to do SSL/TLS, so it may be the version and patches of your Windows that matters as much as or even more than IE. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
