Lutz Jaenicke wrote:
>
> On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote:
> > I have a simple server which I can connect to using the openssl
> > client, and using Netscape no problems.
> >
> > MS Internet Explorer refuses to connect and I get the dreaded
> > "no shared cipher" message on my server.
> >
> > Pointing IE to openssl s_server indicates it using EXP-RC4-MD5.
> > I have tried setting ciphers with SSL_CTX_set_cipher_list()
> > and the changes can be demonstrated with s_client but IE still
> > fails. I can run c_client -cipher EXP-RC4-MD5 and it works
> > just fine. What the hell does IE want?
>
> If I would have a simple answer, I would give it to you.
> s_client will run with SSLv2-TLSv1 enabled (SSLv3/TLSv1 preferred),
> so EXP-RC4-MD5 will be the SSLv3 version.
> I have just tried with SSLv2 only, SSLv3 only etc and it seems to work
> between s_client and s_server...
>
Hmmm...the v2/v3 thing led me to experiment some more and I discovered
a mode in which it will work, but it is far from ideal.
I had to make two changes:
1) sslServerContext = SSL_CTX_new(SSLv2_server_method())
2) Removed the call to SSL_CTX_set_verify()
And now MSIE will connect okay. Now the question is, how do I enable
SSLv3 and cert verification? (I need both these things in another
part of the app)
MSIE connects to s_server with SSLv3/TLSv1 EXP-RC4-MD5. I'd like to
know what s_server does to make it work.
BTW, how do I do an "ssldump"? (www.openssl.org is down at the moment)
Thanks,
DT
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
