On Thu, Jun 29, 2006 at 12:28:44PM -0700, Chris Clark wrote:

> I have written a client program in which I allow the user to configure
> which cipher groups they want to allow as well as a cipher strength of
> low, medium, or high.
> 
> The problem is I can't find a way of selecting the order in which I
> want the cipher negotiated. For example if all ciphers are enabled in
> the configuration, I would prefer if AES is selected during
> negotiation.

What real problem is this intended to solve?

> Currently I specify the group (HIGH/MEDIUM/LOW) and remove some ciphers
> from a group (IDEA and ADH). I also remove AES at the beginning (Shif
> +="-AES:") and add it later because if I don't remove AES there is no
> way to separate AES128 and AES256.
> (Due to an OpenSSL bug, HIGH selects both AES128 and AES256)

Is this a real problem? What's wrong with:

    
    !EXPORT:!LOW:!MEDIUM:DEFAULT:-DHE-RSA-AES128-SHA:-DHE-DSS-AES128-SHA:-AES128-SHA

> Is there a way I can force the client to negotiate using AES as the
> preferred method, and if the server will not allow AES then it selects
> some other cipher?

So you want AES(128) to be preferred over DES(168)?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
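
Added example, not part of the original message or of OpenSSL's own code: a way to see how the order of terms in a cipher string becomes the order in which a client offers its suites. It uses Python's ssl module on top of OpenSSL; the two cipher strings and the helper names are constructed for illustration.

```python
import ssl

def offered_order(cipher_string):
    """Names of the TLS 1.2-and-earlier suites a client context would offer,
    in preference order, for the given OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are not controlled by the cipher string; leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def first_before_second(names, first, second):
    """True if every suite whose name contains `first` is listed ahead of
    every suite whose name contains `second` (true if either is absent)."""
    a = [i for i, n in enumerate(names) if first in n]
    b = [i for i, n in enumerate(names) if second in n]
    return not a or not b or max(a) < min(b)

# Constructed cipher strings (assumptions for this example).
# Each term appends its matching suites to the list, so earlier terms
# end up earlier in the client's preference order.
AES128_FIRST = "AES128:AES256:HIGH:!aNULL:!eNULL"
AES256_FIRST = "AES256:AES128:HIGH:!aNULL:!eNULL"

if __name__ == "__main__":
    for cipher_string in (AES128_FIRST, AES256_FIRST):
        print(cipher_string)
        for name in offered_order(cipher_string):
            print("   ", name)
```

The list is only what the client offers; the server makes the final choice among the suites both sides support.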
