Dr Stephen Henson Thank you a lot for your help again and again.
I just want to say that your solution solve the probelm.
And indeed our attempt to call SSL_read() in the server gives
us an error -1 and we handled all ssl_error the same way.
So we changed it and it works.
So Thank you again,
Peleg Atar.
>From: Dr Stephen Henson <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: How to use SSL_CTX_set_cipher_list in order to avoid IE 5.01
>problem.
>Date: Wed, 12 Jul 2000 18:22:47 +0100
>
>peleg atar wrote:
> >
> > Dr Stephen Henson Thank you a lot for your help.
> >
> > I pass the"DEFAULT:!EXPORT56:@STRENGTH" string to the
> > SSL_CTX_set_cipher_list function.
> >
> > Right now the behavior of the IE 5.01(Win2000)is
> > "page can not be displayed" in the first attempt for connecting securly
>to
> > the openSSl server.
> > But in the second attempt I succeed connecting to the site.
> >
> > Is this the correct behavior?
> > If it is, then what should i do in order to fix it?
> >
>
>No this is not normal behaviour as such. There are several possible
>causes.
>
>What usually happens when you use SGC or "step up" is that the first
>attempt to call SSL_read() in the server gives an error -1 and the
>various things are set to tell it to retry the call.
>
>If it doesn't and just assumes -1 is an error and closes the connection
>you can get the result you mention.
>
>If it does retry properly you shouldn't see that error.
>
>Thats one possible cause: a bug in the server software but there are
>other possible reasons too particularly if this worked with OpenSSL
>0.9.4.
>
>You might also want to try the s_server program (which does retry) and
>see if you get the same problem.
>
>If you do get the same problem check what cipher it negotiates then try
>messing around with the cipher list a bit more. For example
>DEFAULT:!EXPORT56:!DES:@STRENGTH to eliminate all 56 bit cipher suites
>and RC4:!EXPORT56:@STRENGTH to just use RC4.
>
>Steve.
>--
>Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
>Personal Email: [EMAIL PROTECTED]
>Senior crypto engineer, Celo Communications: http://www.celocom.com/
>Core developer of the OpenSSL project: http://www.openssl.org/
>Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
