Hello, Thanks for your reply.
> If this is not sufficient you may check out ssl/sslv3.c etc and > actually remove the ciphers you don't want to support in your > libssl from the registration tables. As a test, I've commented out every cipher definition in ssl/s3_lib.c, like this example: The list is: OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ [...] } And a typical commented entry is: /* Cipher 05 */ /* { 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, */ None are left uncommented. But still, after make clean, Configure, make depend, make and installation, the system reports: openssl ciphers -v DES-CBC3-MD5 SSLv2 Kx=RSA Enc=3DES(168) Mac=MD5 RC2-CBC-MD5 SSLv2 Kx=RSA Enc=RC2(128) Mac=MD5 RC4-MD5 SSLv2 Kx=RSA Enc=RC4(128) Mac=MD5 DES-CBC-MD5 SSLv2 Kx=RSA Enc=DES(56) Mac=MD5 EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 SSLv2 Kx=RSA(512) Enc=RC4(40) Mac=MD5 export Which is much less than before but, where are these coming from since eveything is commented out ? I do not mind that much the low encryption ciphers, but the first three are a bother. I can add more of the low encryption ciphers by uncommenting their respective declaration, but I cannot get rid of the first three. Now, 3DES might by somehow dynamically added to the list when DES is present. That could make sense and would mean that the actual DES-specific code would have to be modified to separate 3DES. Would that be also the case for the two high-crypto RC2 and RC4 ? Can they be variations added dynamically to the cipher list and not have a proper static definition in ssl/s3_lib.c ? Any suggestions/hints/comments are very much appreciated. Cheers. __________________________________________________________________ Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites. Download it now at http://ca.toolbar.yahoo.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]