Hi

When I use SSLv3_client_method() I get

    ssl version: SSLv3
    cipher version: TLSv1/SSLv3

Why does the cipher support TLSv1 when SSLv3 is used?

I would like to check the negotiated and supported algos against a list of "known weak" ciphers.

    #include <stdio.h>
    #include <openssl/ssl.h>

    int SSL_check_ciphers(SSL *s)
    {
        SSL_CIPHER *c;
        STACK_OF(SSL_CIPHER) *sk;

        /* bail out when no cipher list is available */
        if ((sk = SSL_get_ciphers(s)) == NULL)
            return -1;

        /* first entry of the cipher stack */
        c = sk_SSL_CIPHER_value(sk, 0);
        printf("cipher id: %lu\n", c->id);   /* id is an unsigned long */
        /* weakOrNot function missing here */

        return 0;
    }

I will create a huge array of id,weakOrNot elements and match the found cipher against this list.

The question (h0h0): How constant is the openssl list of id <-> UsedCipher? I'm talking about

    OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={

in ./ssl/s3_lib.c, and:

    unsigned long id; /* id, 4 bytes, first is version */

First? Big-endian I guess, right?

(Quick question: Is the STACK_OF(SSL_CIPHER) always sorted with the strongest cipher first?)

How do I get the bits of a DSA or DH key? I can use BN_num_bits directly but am unsure if it's *g or *p?! (see struct dsa_st in dsa.h)

Just wondering: in ssl.h, struct ssl_cipher_st:

    int strength_bits; /* Number of bits really used */
    int alg_bits; /* Number of bits for algorithm */

wtf? All crypto just a fake? What is this "number of bits really used" supposed to mean? We use the first one (40 bits, hi NSA) and show the second one to the user? :)

Is there a simple way to check what ciphers the peer supports for each ssl-version? Or do I need to reconnect for each ssl-version (v2, v3, tlsv1)?

The so-called 'Public Key Algorithm: rsaEncryption' is the used Authentication-algo or Keyexchange-algo?

skyper

--
PGP: dig @segfault.net skyper axfr|grep TX|cut -f2 -d\"|sort|cut -f2 -d\;
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
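
An added example, not part of the original post or of OpenSSL: the id-against-weak-list check the post plans, as stand-alone C that does not link libssl. It treats the version as the most significant byte of the id value; the table is a constructed sample of SSLv3/TLS suite codes, and `check_cipher_id`, `min_bits` and the `flagged` field are hypothetical names.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample table (not OpenSSL's own). code = low 16 bits of the id.
 * secret_bits = effective strength, alg_bits = nominal key size; the two
 * differ for export suites. flagged = rejected regardless of key size. */
struct suite { unsigned code; const char *name; int secret_bits, alg_bits, flagged; };

static const struct suite KNOWN[] = {
    { 0x0001, "NULL-MD5",          0,   0, 1 },
    { 0x0003, "EXP-RC4-MD5",      40, 128, 1 },
    { 0x0004, "RC4-MD5",         128, 128, 1 },
    { 0x0008, "EXP-DES-CBC-SHA",  40,  56, 0 },
    { 0x0009, "DES-CBC-SHA",      56,  56, 0 },
    { 0x002F, "AES128-SHA",      128, 128, 0 },
    { 0x0035, "AES256-SHA",      256, 256, 0 },
};

enum verdict { CIPHER_OK = 0, CIPHER_WEAK = 1, CIPHER_UNKNOWN = 2 };

/* The version is the top byte of the integer value (0x03 = SSLv3/TLS,
 * 0x02 = SSLv2); this is arithmetic on the value, not on memory layout. */
static unsigned id_version(unsigned long id) { return (unsigned)((id >> 24) & 0xFF); }

static const struct suite *lookup(unsigned long id)
{
    size_t i;
    if (id_version(id) != 0x03)
        return NULL;                       /* SSLv2 ids carry a 3-byte code */
    for (i = 0; i < sizeof KNOWN / sizeof KNOWN[0]; i++)
        if (KNOWN[i].code == (id & 0xFFFF))
            return &KNOWN[i];
    return NULL;
}

/* Hypothetical policy: weak if flagged or below min_bits effective strength. */
enum verdict check_cipher_id(unsigned long id, int min_bits)
{
    const struct suite *s;
    if (id_version(id) == 0x02)
        return CIPHER_WEAK;                /* reject every SSLv2 suite */
    if ((s = lookup(id)) == NULL)
        return CIPHER_UNKNOWN;             /* not in the table: fail closed */
    return (s->flagged || s->secret_bits < min_bits) ? CIPHER_WEAK : CIPHER_OK;
}

int main(void)
{
    printf("0x03000003 -> %d\n", check_cipher_id(0x03000003UL, 128));
    return 0;
}
```

Treat `CIPHER_UNKNOWN` as a failure in the caller so that a suite missing from the table is never accepted by default.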