On 14.12.2013 00:00, Dr. Stephen Henson wrote:
How are you disabling RSA key exchange?
by setting all ciphers beginning with RSA to no in FF
If you disable RSA for authentication
too you'll hit problems if you don't have a non-RSA certificate. So for
example: ECDHE-ECDSA-3DES-EDE-SHA needs a
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Walter H.
> The server is capable of ciphers DHE-* and others;
> the list is quite longer than the available ciphers of the client ...,
> so I think this is quite strange ...
>
> openssl ciphers -V
>
On Fri, Dec 13, 2013, Walter H. wrote:
> On 13.12.2013 21:16, andrew cooke wrote:
> >well, i realised i couldn't answer the question seriously... what is
> >ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to
> >google chrome and firefox accepting it (a grep of openssl 1.0.
well, not really, because in practice the name has to match, so you are stuck
(as the earlier answer says).
i guess the answer is somewhere in the nss code...
andrew
On Fri, Dec 13, 2013 at 10:04:52PM +0100, Walter H. wrote:
> On 13.12.2013 21:16, andrew cooke wrote:
> >well, i realised i cou
On 13.12.2013 21:16, andrew cooke wrote:
well, i realised i couldn't answer the question seriously... what is
ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to
google chrome and firefox accepting it (a grep of openssl 1.0.1e fails to find
it). does any server actually p
well, i realised i couldn't answer the question seriously... what is
ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to
google chrome and firefox accepting it (a grep of openssl 1.0.1e fails to find
it). does any server actually provide it? if so, what mode does it use (
Don't regret it, it wasn't that bad ;)
--
Erwann ABALEA
On 13/12/2013 20:39, andrew cooke wrote:
sorry, that was a bad joke i now regret sending. andrew
On Fri, Dec 13, 2013 at 04:01:23PM -0300, Andrew Cooke wrote:
it depends how many characters differ when sorted.
in this case:
ECDHE-EC
sorry, that was a bad joke i now regret sending. andrew
On Fri, Dec 13, 2013 at 04:01:23PM -0300, Andrew Cooke wrote:
>
> it depends how many characters differ when sorted.
>
> in this case:
>
> ECDHE-ECDSA-DES-CBC3-SHA -> 3AABDDDHHSSS
>* *** **
it depends how many characters differ when sorted.
in this case:
ECDHE-ECDSA-DES-CBC3-SHA -> 3AABDDDHHSSS
* *** **
ECDHE-ECDSA-3DES-EDE-SHA -> 3AACCEEHHSSS
you can see (marked by *) that 6 characters don't match.
now 6 is a triangular
On 13/12/2013 19:30, Walter H. wrote:
On 12.12.2013 14:16, Erwann Abalea wrote:
It's not strange.
You removed the RSA-* from client side, the result is that the server
can't match anything in common between what the client proposed and
what the server accepts. The error you get has been sen
On 12.12.2013 14:16, Erwann Abalea wrote:
It's not strange.
You removed the RSA-* from client side, the result is that the server
can't match anything in common between what the client proposed and
what the server accepts. The error you get has been sent by the server.
The server is capable
It's not strange.
You removed the RSA-* from client side, the result is that the server
can't match anything in common between what the client proposed and what
the server accepts. The error you get has been sent by the server.
--
Erwann ABALEA
On 11/12/2013 22:34, Walter H. wrote:
Hello,
Hello,
Thanks for your reply;
Very strange in FF
when I disable the use of the RSA-* Ciphersuites in FF, then I get the
following error
Secure Connection failed
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)
the certificat
Hello,
The certificate specifies "digitalSignature" as its sole key usage.
That means the certified key can only be used to sign data, and not
perform any decrypt operation.
If your server+client are negotiating a (EC)DHE-RSA-* ciphersuite,
that's OK because the server's RSA private key wil