Victor Duchovni wrote:
On Wed, Mar 24, 2010 at 11:09:44AM +0100, Gregory BELLIER wrote:

if I copy an existing cipher in OpenSSL and rename it, it will act as if it is a new cipher.

On the wire SSL ciphers have numeric ids, not names. If you "rename"
a cipher, it just changes how it is displayed in logs. Renaming ciphers
is fairly pointless and counter-productive. Why would you do this?
Yes, renaming and changing the OID. Yes, it's useless but I want to learn. Therefore, I do useless stuff.
Would I need to build postfix against this new OpenSSL to be able to use the new cipher?

What new cipher? I thought you were just "renaming" an existing cipher.
Inserting a "new" one. It's just a copy with a new name and a new OID.
And who else would implement your "new" cipher to inter-operate with
your Postfix?
No one.
How does the TLS negotiation work? I guess it is done by Postfix which asks OpenSSL what ciphers are supported and depending on the negotiation, Postfix stores the selected cipher's OID.

At this point, you really need to step back, take a deep breath, and
use OpenSSL as-is.
As I said, it's to learn. If I do nothing then it's pointless.

What I ask is not your point on if it's relevant to do it or not because we all know it's not.
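
An added example, not part of the original thread: a sketch of the point that cipher suites travel on the wire as 2-byte numeric ids, so a copied cipher given a new id is unknown to every stock peer. The function names, the server list and the private-use id 0xFF01 are constructed for illustration, and the selection rule is a simplification.

```python
import struct

# Excerpt of the IANA TLS cipher suite registry: 2-byte wire id -> name.
IANA_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
STOCK_SERVER = [0x0035, 0x002F, 0x000A]   # constructed: ids an unmodified peer knows
COPIED_CIPHER_ID = 0xFF01                 # constructed id in the private-use range (0xFFxx)

def build_client_hello(suite_ids):
    """Constructed ClientHello body (TLS 1.0, no extensions) carrying suite_ids."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    return (b"\x03\x01"                    # client_version
            + bytes(32)                    # random (all zeros: sample data)
            + b"\x00"                      # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                 # one compression method: null

def offered_suites(body):
    """Parse the cipher_suites vector out of a ClientHello body."""
    off = 2 + 32                           # skip version and random
    if len(body) < off + 1:
        raise ValueError("truncated before session_id")
    off += 1 + body[off]                   # skip session_id
    if len(body) < off + 2:
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", body, off)
    off += 2
    if n % 2 or len(body) < off + n:
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack_from("!%dH" % (n // 2), body, off))

def negotiate(client_ids, server_ids):
    """Simplified selection: first client-offered id the server also knows."""
    known = set(server_ids)
    return next((s for s in client_ids if s in known), None)

def describe(suite_id):
    """Name is a local lookup only; the peer never sees it."""
    return IANA_NAMES.get(suite_id, "unknown (0x%04X)" % suite_id)

if __name__ == "__main__":
    offered = offered_suites(build_client_hello([COPIED_CIPHER_ID, 0x002F]))
    print([describe(s) for s in offered])
    print("with fallback:", negotiate(offered, STOCK_SERVER))
    print("copied cipher only:", negotiate([COPIED_CIPHER_ID], STOCK_SERVER))
```
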