Let's pretend for a moment that an out of the box application uses openssl to provide access not through a browser, but rather through a SOAP client like Eclipse. And let's also say that you have no access to the code internal to that application. Is there any other way to limit the ciphers? Some kind of config file or a special way to compile the executable?
________________________________________ From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton [aerow...@gmail.com] Sent: Wednesday, August 11, 2010 9:11 PM To: openssl-users@openssl.org Cc: Alex Chen Subject: Re: Cipher selection No, OpenSSL chooses the cipher from the argument to SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure. On 8/11/10 4:57 PM, Alex Chen wrote: > Does openssl choose the cipher from the pem file? If so, which section of the > following pem file sets the cipher for communication? --------------------------------------------------------------------- CONFIDENTIALITY NOTICE This e-mail is intended for the sole use of the individual(s) to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. You are hereby notified that any dissemination, duplication, or distribution of this transmission by someone other than the intended addressee or its designated agent is strictly prohibited. If you receive this e-mail in error, please notify me immediately by replying to this e-mail. --------------------------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
