On Fri, Feb 16, 2001 at 10:56:47AM +0000, Andrew Cooke wrote:
> Thanks for two good suggestions. Although I was using neither, they don't
> change much:
>
> - I am now using SSLv23_method and SSL_OP_ALL
> - The connection fails unless SSL_OP_NO_SSLv3 is included (ie SSLv3 is
> excluded)
> - The error is now "No common cipher" (handshake B; no handshake A)
>
> "No common cipher" suggests *very* strongly that I have an error in my
> compilation/linking/library that is excluding some cipher suite. However,
> when I list the available ciphers from within the code everything seems
> correct and the same libraries work with SSLv2 (or rather, with SSLv3
> disabled) and with other browsers.
I don't have a NN 4.5 available by now, it is quite old, isn't it.
The "No common cipher" seems a bit strange to me. Let me suggest two
more things:
- Set up s_server and try to connect to it. s_server will probably more
comparable to your code.
(With or without bug workarounds, see the list of options.)
- There is a difference to mod_ssl in that mod_ssl also restricts the ciphers
allowed by removing the EXPORT56 ciphers.
There is a IE bug with them, I am not aware that Netscape should also be
affected, but it is well worth a try.
If this applies, the first test should have failed :-)
Check out the default cipherstring used in mod_ssl and use it for s_server.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]