Hi
When i use SSLv3_client_method() i get
ssl version: SSLv3
cipher version: TLSv1/SSLv3
Why does the cipher supports TLSv1 when SSLv3 is used ?
I would like to check the negotiated and supported algos
against a list of "known weak" ciphers.
int
SSL_check_ciphers(SSL *s)
{
SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
if ( (sk = SSL_get_ciphers(s)))
return -1;
c = sk_SSL_CIPHER_value(sk, 0);
printf("cipher id: %d\n", c->id);
/* weakOrNot function missing here */
return 0;
}
I will create a huge array of id,weakOrNot elements and
match the found cipher against this list.
The question (h0h0): How constant is the openssl list of
id <-> UsedCipher ?
I'm talking about
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
in ./ssl/s3_lib.c.
and:
unsigned long id; /* id, 4 bytes, first is version */
First ? Bigendian i guess, right ?
(quick question: Is the STACK_OF(SSL_CIPHER) always
sorted with the strongest chiper first ?)
How do i get the bits of a DSA or DH key ?
I can use BN_num_bits directly but are unsure
if its *g or *p ?!
(see struct dsa_at in dsa.h)
just wondering:
in ssl.h, struct ssl_cipher_st:
int strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */
wtf ? All crypto just a fake ?
What is this "number of bits really used" supposed to mean ?
We use the first one (40 bits, hi NSA) and show the second one to
the user ? :)
Is there a simple way to check what ciphers the peer supports
for each ssl-verson ?
Or do i need to reconnect for each ssl-version (v2, v3, tlsv1) ?
The so called 'Public Key Algorithm: rsaEncryption' is
the used Authentication-algo or Keyexchange-algo ?
skyper
--
PGP: dig @segfault.net skyper axfr|grep TX|cut -f2 -d\"|sort|cut -f2 -d\;
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
