> From: owner-openssl-us...@openssl.org On Behalf Of Kanchan Kumar
Shaw
> Sent: Thursday, 15 September, 2011 08:22
> I have written a simple program to test available ciphers. And of
course
> I have a problem with some of them. I installed openssl--1.0.0e [normally]
> My problem is that I am unable to set the following five cipher.
> EXP-DH-RSA-DES-CBC-SHA
> EXP1024-RC4-MD5
> EXP1024-RC2-CBC-MD5
That's three not five. The first one and apparently all other
fixed-DH suites (in s3_lib.c) have valid=0, and the other places
that reference fixed-DH (SSL_kDH*) mostly have comments saying
"no such ciphersuites supported" and it appears the logic that
would implement them isn't there. I never encountered this because
I've never wanted to do fixed-DH, and maybe nobody else has.
On the others, you seem to have the same problem as Rajab Karmaker
also at alumnux.com had Sep. 08 and Sep. 13 (but I didn't have time
to look at then). Maybe you should get together with him. These
reportedly-expired-draft ciphers are under an EXPERIMENTAL macro,
which it appears Configure can't enable- or even experimental-
(not in %disabled AND not in form OPENSSL_{NO,EXPERIMENTAL}_x).
It looks to me like patching tls1.h should get them to build, but
he says it didn't, and I don't have time to, well, experiment.
Even if you get them built, you're on your own whether they work.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
