Perhaps I'm being naive, but it seems like it should be possible for an ssl peer to algorithmically specify the ordered list of preferred ciphersuites given the following information:

1. ordered list (in preference order) of available signature algorithms
2. ordered list (in preference order) of available integrity algorithms
3. ordered list (in preference order) of available encryption algorithms
4. for server, signature type (e.g., RSA, DSA, Fortezza, DH) of its certificate (NULL if no certificate)
5. for server, signature type (e.g., RSA, DSA, Fortezza) of ordered list (in preference order) of trusted root certificates

Is this at all a reasonable idea? I'm struggling with how to expose this "choice" (ordering of ssl ciphersuites in preference order) to a user or an administrator through some INI or config file "knobs". I do NOT want to expose them to ordering strings like:

    SSL_RSA_WITH_RC4_MD5
    SSL_DHE_DSA_WITH_3DES_SHA
    etc.

in a config file.
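An added example, not part of the original post: one way to derive the suite order from per-algorithm preference lists (inputs 1 to 4 above; trusted roots are not modelled). The suite names are SSL 3.0 identifiers, but the catalog subset, the extra `kx_prefs` list and the `priority` tuple are assumptions introduced here, needed because the three lists alone leave ties (RSA versus DHE key exchange under the same certificate type) and do not say which list dominates.

```python
# Added example. Constructed catalog: a subset of SSL 3.0 suites, each
# decomposed as (key exchange, signature, encryption, integrity).
DIMS = ("kx", "sig", "enc", "mac")
CATALOG = {
    "SSL_RSA_WITH_RC4_128_MD5":          ("RSA", "RSA", "RC4",  "MD5"),
    "SSL_RSA_WITH_RC4_128_SHA":          ("RSA", "RSA", "RC4",  "SHA"),
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA":     ("RSA", "RSA", "3DES", "SHA"),
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA": ("DHE", "RSA", "3DES", "SHA"),
    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ("DHE", "DSA", "3DES", "SHA"),
    "SSL_RSA_WITH_DES_CBC_SHA":          ("RSA", "RSA", "DES",  "SHA"),
}


def order_suites(sig_prefs, mac_prefs, enc_prefs, kx_prefs,
                 cert_sig=None, priority=("enc", "mac", "sig", "kx")):
    """Return catalog suite names, most preferred first.

    Each *_prefs list is in preference order; an algorithm left out of
    its list disables every suite that uses it.  cert_sig is the
    signature type of the server certificate; None (an assumption of
    this sketch) means "client side, do not filter".  priority says
    which list dominates when the lists disagree.
    """
    prefs = {"kx": kx_prefs, "sig": sig_prefs,
             "enc": enc_prefs, "mac": mac_prefs}
    ranked = []
    for name, algs in CATALOG.items():
        suite = dict(zip(DIMS, algs))
        # Drop suites that use an algorithm the administrator did not list.
        if any(suite[d] not in prefs[d] for d in DIMS):
            continue
        # A server can only offer suites its certificate can authenticate.
        if cert_sig is not None and suite["sig"] != cert_sig:
            continue
        # Rank = position in each list, compared in priority order.
        rank = tuple(prefs[d].index(suite[d]) for d in priority)
        ranked.append((rank, name))
    # Suites with equal rank fall back to name order, so output is stable.
    return [name for _, name in sorted(ranked)]


if __name__ == "__main__":
    for s in order_suites(["RSA", "DSA"], ["SHA", "MD5"],
                          ["3DES", "RC4", "DES"], ["DHE", "RSA"]):
        print(s)
```

Changing `priority` alone reorders the result, which is the policy decision a config file would still have to expose alongside the per-algorithm lists.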
