On Mon, May 08, 2000 at 11:39:51AM +0200, Nacho Diaz Asenjo wrote:
> if (!SSL_CTX_set_cipher_list(ctx,"EDH-RSA-DES-CBC3-SHA"))
> printf("Error poniendo un cifrador\n");
Ok, so you fix the list of ciphers to EDH-RSA-DES-CBC3-SHA.
According to ssl/s3_lib.c it is:
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3
meaning
#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
You do need (temporary) DH-parameters
#define SSL_aRSA 0x00000020L /* Authenticate with RSA */
You do need a RSA public/private key pair.
...
> 11553:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
>cipher:s3_srvr.c:714:
...
>
>EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
The cipher is supported by the client, but did you supply the key and the
DH-parameters?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
