> From: owner-openssl-us...@openssl.org On Behalf Of Kanchan Kumar Shaw > Sent: Thursday, 15 September, 2011 08:22
> I have written a simple program to test available ciphers. And of course > I have a problem with some of them. I installed openssl--1.0.0e [normally] > My problem is that I am unable to set the following five cipher. > EXP-DH-RSA-DES-CBC-SHA > EXP1024-RC4-MD5 > EXP1024-RC2-CBC-MD5 That's three not five. The first one and apparently all other fixed-DH suites (in s3_lib.c) have valid=0, and the other places that reference fixed-DH (SSL_kDH*) mostly have comments saying "no such ciphersuites supported" and it appears the logic that would implement them isn't there. I never encountered this because I've never wanted to do fixed-DH, and maybe nobody else has. On the others, you seem to have the same problem as Rajab Karmaker also at alumnux.com had Sep. 08 and Sep. 13 (but I didn't have time to look at then). Maybe you should get together with him. These reportedly-expired-draft ciphers are under an EXPERIMENTAL macro, which it appears Configure can't enable- or even experimental- (not in %disabled AND not in form OPENSSL_{NO,EXPERIMENTAL}_x). It looks to me like patching tls1.h should get them to build, but he says it didn't, and I don't have time to, well, experiment. Even if you get them built, you're on your own whether they work. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org