On Thu, Jun 29, 2006 at 12:28:44PM -0700, Chris Clark wrote:

> I have written a client program in which I allow the user to configure
> which cipher groups they want to allow as well as a cipher strength of
> low, medium, or high.
>
> The problem is I can't find a way of selecting the order in which I
> want the cipher negotiated. For example if all ciphers are enabled in
> the configuration, I would prefer if AES is selected during
> negotiation.

What real problem is this intended to solve?

> Currently I specify the group (HIGH/MEDIUM/LOW) and remove some ciphers
> from a group (IDEA and ADH). I also remove AES at the beginning (Shif
> +="-AES:") and add it later because if I don't remove AES there is no
> way to separate AES128 and AES256.
> (Due to an OpenSSL bug, HIGH selects both AES128 and AES256)

Is this a real problem? What's wrong with:

    !EXPORT:!LOW:!MEDIUM:DEFAULT:-DHE-RSA-AES128-SHA:-DHE-DSS-AES128-SHA:-AES128-SHA

> Is there a way I can force the client to negotiate using AES as the
> preferred method, and if the server will not allow AES then it selects
> some other cipher?

So you want AES(128) to be preferred over DES(168)?

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                                [EMAIL PROTECTED]
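
The ordering question in this thread can be checked directly: the sketch below feeds a cipher string to OpenSSL through Python's `ssl` module and reads back the resulting preference list. It is an added example, not part of the original message; the two cipher strings and the helper names are constructed for illustration.

```python
import ssl

# Constructed cipher strings (assumptions for this example, not from the thread).
AES_FIRST = "AES:HIGH:!aNULL"  # append AES suites first, then the rest of HIGH
HIGH_ONLY = "HIGH:!aNULL"      # leave the ordering of HIGH to the library

def legacy_order(cipher_string):
    """Suites enabled for TLS 1.2 and below, in client preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately and ignore this string.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def aes_block_first(order):
    """True when no non-AES suite is listed ahead of an AES suite."""
    seen_other = False
    for name in order:
        if "AES" in name:
            if seen_other:
                return False
        else:
            seen_other = True
    return True

if __name__ == "__main__":
    for label, cipher_string in (("AES first", AES_FIRST), ("HIGH only", HIGH_ONLY)):
        order = legacy_order(cipher_string)
        # A suite already in the list is not moved by a later token, so the
        # position of "AES" in the string fixes where the AES suites rank.
        print(f"{label}: {len(order)} suites, AES block first: {aes_block_first(order)}")
        for name in order[:5]:
            print("   ", name)
```

The list is only the client's preference: suites after the AES block remain available as fallbacks, and a server configured to apply its own ordering chooses among the shared suites itself.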