Many applications have a configuration for that, either via a range (high/medium/low security), or by explicitly listing the cipher suites. The configuration may be in a file, Windows registry, or anywhere; it's completely up to the application implementation.
Remember that the client offers the cipher suite list, and the server picks one of these. Also note that you cannot modify the cipher suite list in the Client Hello in flight, as that would be detected in the handshake processing.

Erik Tkal

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Tim Cloud
Sent: Wednesday, August 11, 2010 11:14 PM
To: openssl-users@openssl.org
Subject: RE: Cipher selection

Let's pretend for a moment that an out of the box application uses openssl to provide access not through a browser, but rather through a SOAP client like Eclipse. And let's also say that you have no access to the code internal to that application. Is there any other way to limit the ciphers? Some kind of config file or a special way to compile the executable?

________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton [aerow...@gmail.com]
Sent: Wednesday, August 11, 2010 9:11 PM
To: openssl-users@openssl.org
Cc: Alex Chen
Subject: Re: Cipher selection

No, OpenSSL chooses the cipher from the argument to SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure.

On 8/11/10 4:57 PM, Alex Chen wrote:
> Does openssl choose the cipher from the pem file? If so, which section of the
> following pem file sets the cipher for communication?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
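An added example, not part of the original thread: Python's `ssl.SSLContext.set_ciphers()` passes its string to OpenSSL's `SSL_CTX_set_cipher_list()`, so it shows that the suites a client offers come from that argument and not from any PEM file. The cipher strings and the helper names `offered_suites` and `try_policy` are assumptions chosen for illustration.

```python
import ssl


def offered_suites(cipher_string=None):
    """Return (pre-TLS 1.3 suites, TLS 1.3 suites) a client context would offer.

    No certificate or key file is loaded: the list depends only on the
    cipher string handed to SSL_CTX_set_cipher_list().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cipher_string is not None:
        ctx.set_ciphers(cipher_string)
    legacy, tls13 = [], []
    for suite in ctx.get_ciphers():
        # TLS 1.3 suites are configured separately in OpenSSL and are not
        # affected by the cipher list, so report them on their own.
        if suite["protocol"] == "TLSv1.3":
            tls13.append(suite["name"])
        else:
            legacy.append(suite["name"])
    return legacy, tls13


def try_policy(cipher_string):
    """Return the pre-TLS 1.3 suites for a policy, or None if it matches nothing."""
    try:
        return offered_suites(cipher_string)[0]
    except ssl.SSLError:
        # OpenSSL rejects a cipher string that selects no suite at all.
        return None


if __name__ == "__main__":
    default_legacy, tls13 = offered_suites()
    print("default list:", len(default_legacy), "suites below TLS 1.3")
    print("TLS 1.3 suites (not governed by the cipher list):", tls13)
    # Sample policy strings, constructed for this example.
    for policy in ("ECDHE+AESGCM", "NO-SUCH-SUITE"):
        print(policy, "->", try_policy(policy))
```

An application that exposes this string in a configuration file or registry value gives an administrator the control asked about in the thread; one that hard-codes it does not.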