Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-20 Thread Victor Duchovni
On Tue, Feb 20, 2007 at 05:08:07PM +0100, Bodo Moeller wrote: > On Mon, Feb 19, 2007 at 03:22:44PM -0500, Victor Duchovni wrote: > > > As far as the 0.9.9 patch is concerned, is it possible to cache the > > initial sorted order? Some applications process cipherlists for every > > connection (dest

Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-20 Thread Bodo Moeller
On Mon, Feb 19, 2007 at 03:22:44PM -0500, Victor Duchovni wrote: > As far as the 0.9.9 patch is concerned, is it possible to cache the > initial sorted order? Some applications process cipherlists for every > connection (destination dependent cipher lists), and it would be nice to > keep this effi

Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-20 Thread Bodo Moeller
On Mon, Feb 19, 2007 at 02:19:27PM -0500, Victor Duchovni wrote: > Regardless of the specific details, using a comparator makes the order > more systematic. One can still quibble over whether anonymous auth beats > RSA auth, and I may not get my wish there, but I still think a sort > based on

Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-20 Thread Bodo Moeller
On Mon, Feb 19, 2007 at 02:19:27PM -0500, Victor Duchovni wrote: > [...] I > think it is cleaner to put the anonymous kEECDH and kEDH ciphers first, > they use the strongest key-exchange mechanisms available, and best meet > the aut

Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-19 Thread Victor Duchovni
On Mon, Feb 19, 2007 at 02:19:27PM -0500, Victor Duchovni wrote: > This is not quite right IMHO. I think the anonymous ciphers MUST be > first, because: > > 1. Most applications use "DEFAULT" and don't see them at all. > > 2. Applications that want a

Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-19 Thread Victor Duchovni
On Mon, Feb 19, 2007 at 07:43:50PM +0100, Bodo Moeller wrote: Thanks, a giant leap in the right direction! Nit-picking below: > + /* Move anonymous ciphers to the end. Usually, these will remain > disabled. > + * (For applications that allow them, they aren't too bad,

Re: ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-19 Thread Bodo Moeller
ations should not be exposed to. > > Applications that don't need/want ciphers outside the "DEFAULT" list > can further restrict the cipher choice with "DEFAULT:!this:!that" ... > > Things get more complicated for applications that want to support > anonymo

ALL vs DEFAULT or how to properly order anonymous ciphers?

2007-02-17 Thread Victor Duchovni
"DEFAULT" list can further restrict the cipher choice with "DEFAULT:!this:!that" ... Things get more complicated for applications that want to support anonymous ciphers but still maintain a sensible cipher order: - With OpenSSL 0.9.7 we have: #define SSL_DEFAULT_CIPHER_LI

Re: Anonymous Ciphers

2001-12-17 Thread Lutz Jaenicke
On Mon, Dec 17, 2001 at 09:49:37AM -0500, Andrew Finnell wrote: > I am trying to match up some anonymous ciphers to use between JSSE > and OpenSSL. I did a dump of JSSE and came across some anonymous ciphers. I > then did a dump of the ciphers built into my build of OpenSSL. I di

Anonymous Ciphers

2001-12-17 Thread Andrew Finnell
Good Morning All, I am trying to match up some anonymous ciphers to use between JSSE and OpenSSL. I did a dump of JSSE and came across some anonymous ciphers. I then did a dump of the ciphers built into my build of OpenSSL. I did see any that specifically