|
On Fri, 24 May 2002, Brian McGrogan wrote: > I can replicate the problem using this (openssl-0.9.6d) : > > [root@localhost src]# openssl s_client -connect example.com:50855 > -cipher RC4-MD5 -showcerts [SNIP] > > Yet, I can establish an SSL connection using this method: > > [root@localhost src]# openssl s_client -connect example.com:50855 -ssl3 [SNIP] Hmmm... the -ssl3 switch works, but -cipher RC4-MD5 doesn't. The -ssl3 switch causes OpenSSL to force the use of TLSv1 or SSLv3 instead of auto-negotiating between TLSv1, SSLv3 and SSLv2. The -cipher switch changes which encryption/decryption cipher you're using, which isn't quite the same thing. Looking at the source for the openssl program (in the apps/s_client.c source file) I see that -ssl3 uses the SSLv3_client_method() method, whereas if you don't specify that switch, it defaults to the SSLv23_client_method() (which is what we use in TN5250) If you specify both the -ssl3 switch and the other options, does it work? That would imply that you need to use the SSLv3_client_method(). If you're building TN5250 from source, you could do a quick test by editing src/sslstream.c, searching for 'SSLv23_client_method' and changing it to 'SSLv3_client_method', then recompile and try it out... If that works, let me know. I could add a ssl_method config keyword, so people can set whichever SSL method works best for them...
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
