Hello,
> I am facing some difficulties with OpenSSL implementation and am stuck at
> handshake failure.
> I have created a normal .exe (which acts as a server) which opens port 36003
> and loads the required certificate and private key and waits for any
> incoming connection.
> Once I receive connection request from the client and connection is accepted
> using the function BIO_do_accept, the handshake process fails. I am using the
> function BIO_do_handshake() for this.
> The reason for failure I get is "No shared cipher".
> I found a function which allows us to set the list of cipher suites that we
> authorize our SSL object to use. The function is
> SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) where ctx is the
> context and *str is the list of cipher suites for e.g. str could be
> "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
> I found that the client uses RC4_MD5 & RC4_SHA cipher suites. How to ensure
> that my SSL context object uses the same cipher suite.
> What string should I pass to SSL_CTX_set_cipher_list??? For e.g.
> SSL_CTX_set_cipher_list(ctx, "MD5!SHA") ???
The server enforces allowable ciphers. You set at the server side the ciphers
that you trust, and the client must support one of your ciphers or you
disconnect.
You may just add the ciphers supported by the server using
SSL_CTX_set_cipher_list().
To list/test cipher strings you may use the openssl command.
For example, to list what ALL means you may execute:
  $ openssl ciphers -v ALL
or to test what "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" means:
  $ openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
and next you may build your own cipher list.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
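
An added example, not part of the original message or the OpenSSL project's code: Python's ssl module hands cipher strings to the same OpenSSL parser that SSL_CTX_set_cipher_list() and `openssl ciphers -v` use, so it can check whether a server cipher string admits the suites a client offers. RC4-MD5 and RC4-SHA are the OpenSSL names assumed here for the client's suites, and ECDHE-RSA-AES128-GCM-SHA256 is a constructed extra sample.

```python
import ssl

# Server cipher string quoted in the message above.
SERVER_STRING = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
# Assumed OpenSSL names for the client's RC4_MD5 / RC4_SHA suites, plus one
# constructed modern suite for contrast.
CLIENT_SUITES = ["RC4-MD5", "RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]


def expand(cipher_string):
    """Return the TLS <= 1.2 suite names a cipher string selects, in order.

    An empty list means the string selects nothing in this OpenSSL build.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # raised when no suite matches the string
        return []
    # TLS 1.3 suites are configured separately from the cipher string and are
    # always listed, so leave them out of the comparison.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def shared(server_string, client_string):
    """Suites allowed by both strings, in the server's preference order."""
    offered = set(expand(client_string))
    return [name for name in expand(server_string) if name in offered]


def explain(server_string, client_suites):
    """Map each suite name the client offers to a verdict for this server string."""
    allowed = set(expand(server_string))
    verdicts = {}
    for name in client_suites:
        if name in allowed:
            verdicts[name] = "shared"
        elif expand(name):
            verdicts[name] = "excluded by server string"
        else:
            verdicts[name] = "not available in this OpenSSL build"
    return verdicts


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for suite, verdict in explain(SERVER_STRING, CLIENT_SUITES).items():
        print(f"{suite:32} {verdict}")
    print("shared:", shared(SERVER_STRING, ":".join(CLIENT_SUITES)))
```

On an OpenSSL build compiled without RC4, the two RC4 names are reported as not available rather than excluded.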
