On Mon, 16 Mar 1998, Frank Maritato wrote:
> I am having a small problem getting my client to talk to the
> s_server app provided with SSLeay using the diffie-hellman algorithm.
> My client is written in Java, and I have the cipher set to
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5. I am using `ssleay s_server -nocert`
> to fire up the server. I get the following error:
To protect the unknowing, The DH_anon ciphers are normally disabled. This is
because they are inherently vunerable to attack, so it you want them, you will
have to put in some extra work :-).
First, compile with SSL_ALLOW_ADH, and then make sure to call
SSL_CTX_set_cipher_list(SSL_CTX *, char *str), where str should be something
like "DEFAULT:+ADH"
The default cipher list is in ssl.h, defined as SSL_DEFAULT_CIPHER_LIST.
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
