On Tue, Mar 11, 2003, rajagopalan ramanujam wrote:

> I am not setting the server certificate and key files. But
> Set_cipher_list is called with "ALL" both on the
> server and client side. Even then the handshake fails when
> the server extracts the cipher.
> al=SSL_AD_HANDSHAKE_FAILURE;
> SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
> 
> ssl_server ()
> {  
> :
> :
>  SSL_load_error_strings();
>   SSLeay_add_ssl_algorithms();
>   meth = SSLv23_server_method();
>   ctx = SSL_CTX_new (meth);
> :
> : socket()..
> bind()
> listen()
> :
> accept()
> 
> SSL_CTX_set_cipher_list(ctx,"ALL");
> ssl = SSL_new (ctx);                             
> SSL_set_fd (ssl, sd);
> err = SSL_accept (ssl); 
> 
> Is it because I have not added the certificate and keys?
> 

If you don't set any server certificates then only those ciphersuites without
authentication will work: currently anon DH, which is however vulnerable to
man-in-the-middle attacks. However, for anon DH to work you need to set some DH
parameters; see the FAQ and related manual pages.

So either set a server certificate or some DH parameters.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
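
The failure described in this thread, reproduced offline as an added example (not part of the original post and not OpenSSL's own code). It uses Python's `ssl` module, which wraps OpenSSL, over in-memory BIOs; the helper names, the TLS 1.2 cap and the `localhost` server name are assumptions of the example.

```python
import ssl

def server_context(certfile=None, keyfile=None):
    """Server context; with no certfile it mirrors the setup in the question."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # assumption: pre-1.3 code path
    if certfile:
        # The fix from the reply: give the server a certificate and key.
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def client_context(cafile=None):
    """Client context with default certificate verification left on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile)
    return ctx

def handshake_result(server_ctx, client_ctx):
    """Pump a handshake through memory BIOs.

    Returns ("ok", None), or (failing side, OpenSSL reason string).
    """
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    sides = [["client", client, c_out, s_in, False],
             ["server", server, s_out, c_in, False]]
    for _ in range(10):  # a full handshake needs only a few round trips
        for side in sides:
            name, obj, out_bio, peer_in, done = side
            if not done:
                try:
                    obj.do_handshake()
                    side[4] = True
                except ssl.SSLWantReadError:
                    pass  # needs more bytes from the peer
                except ssl.SSLError as exc:
                    return name, exc.reason
            data = out_bio.read()
            if data:
                peer_in.write(data)
        if all(side[4] for side in sides):
            return "ok", None
    return "stalled", None

if __name__ == "__main__":
    print(handshake_result(server_context(), client_context()))
```

Passing a certificate and key issued for `localhost` to `server_context`, and the issuing CA to `client_context`, makes the same call return `("ok", None)`.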