On Wed, Dec 17, 2003, Obermeier Markus ICM MP PD TS wrote:

> Dear all,
> 
> I am working on an EAP/TLS authentication with FreeRADIUS and the Odyssey client. 
> After a client hello message with a bunch of cipher suites, the Odyssey client 
> receives a server hello message with one cipher suite. It responds with a TLS Alert 
> message that tells the server the cipher suite selection has been fatal!
> 
> At the end I attached the complete protocol as well for further studies.
> 
> How does Libssl choose the cipher suite?
> 

IIRC the client hello reports the supported ciphersuites in order of
preference and the OpenSSL server code will normally use the first one from
that list that it supports. The actual ciphersuites supported by the server
may be less than those OpenSSL supports because some require DH parameters and
others a DSA certificate.

It is possible to override the client's preference though and use a server
preferred ciphersuite.

You could try disabling some ciphersuites with the server cipher string to see
if others will work.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
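
The selection rule described in the reply above, as an added example: a simplified Python model, not OpenSSL's code and not part of the original thread. The suite names are OpenSSL cipher names; the `REQUIRES` table, the function names and the sample lists are constructed for illustration.

```python
# Simplified model of server-side suite selection (illustrative, not OpenSSL source).
# Each suite maps to the key material the server must have loaded to offer it.
REQUIRES = {
    "DHE-RSA-AES256-SHA": {"rsa_cert", "dh_params"},
    "DHE-DSS-AES256-SHA": {"dsa_cert", "dh_params"},
    "AES256-SHA":         {"rsa_cert"},
    "DES-CBC3-SHA":       {"rsa_cert"},
    "RC4-MD5":            {"rsa_cert"},
}

def usable_suites(enabled, key_material):
    """Suites from the server's cipher string (server order) it can actually serve."""
    return [s for s in enabled if REQUIRES[s] <= key_material]

def choose_suite(client_offer, enabled, key_material, server_preference=False):
    """Return the negotiated suite, or None when nothing is shared
    (a real handshake would then end with a fatal alert)."""
    usable = usable_suites(enabled, key_material)
    if server_preference:
        ordered, other = usable, set(client_offer)   # walk the server's list
    else:
        ordered, other = client_offer, set(usable)   # walk the client's list
    return next((s for s in ordered if s in other), None)

# Constructed sample data: a client hello and a server cipher string.
CLIENT_OFFER = ["DHE-DSS-AES256-SHA", "DHE-RSA-AES256-SHA", "RC4-MD5", "AES256-SHA"]
SERVER_ENABLED = ["AES256-SHA", "DES-CBC3-SHA", "DHE-RSA-AES256-SHA",
                  "DHE-DSS-AES256-SHA", "RC4-MD5"]
RSA_ONLY = {"rsa_cert"}  # server has an RSA certificate, no DH parameters

def demo():
    no_rc4 = [s for s in SERVER_ENABLED if s != "RC4-MD5"]  # suite disabled in cipher string
    return {
        "client_order": choose_suite(CLIENT_OFFER, SERVER_ENABLED, RSA_ONLY),
        "server_order": choose_suite(CLIENT_OFFER, SERVER_ENABLED, RSA_ONLY, True),
        "with_dh":      choose_suite(CLIENT_OFFER, SERVER_ENABLED, RSA_ONLY | {"dh_params"}),
        "rc4_disabled": choose_suite(CLIENT_OFFER, no_rc4, RSA_ONLY),
        "no_overlap":   choose_suite(["DHE-DSS-AES256-SHA"], SERVER_ENABLED, RSA_ONLY),
    }

if __name__ == "__main__":
    for case, suite in demo().items():
        print(f"{case:13} -> {suite}")
```

The `rc4_disabled` case mirrors the troubleshooting step suggested in the reply: removing one suite from the server cipher string changes which suite the same client hello negotiates.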
