On Fri, Dec 18, 2009 at 7:36 AM, Abhishek Rahirikar
<abhishek.rahiri...@gmail.com> wrote:
>
> Ok.. But the tool is able to get all the information using the cipher. It is
> able to get the certificate and check the expiry, host of certificate etc.
> Do you know what the NSS does if the cipher requested for handshake is not
> supported? Is it expected to get the certificate if cipher is not supported?

I assume by "the tool" you meant the NSS-based tool you're testing, not the
'openssl' command-line tool.

I don't know why the tool can get all the information using a cipher that NSS
doesn't support. NSS cannot request the SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
cipher, so a server cannot possibly select that cipher when communicating with
an NSS-based client.

You'll need to use a tool such as NSS's ssltap or wireshark to find out what
exactly is going on in the SSL handshake, or ask the tool's vendor.

Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
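
An added example, not part of the original message and not NSS or ssltap code: a small Python check over the cleartext hello messages of a captured handshake that lists the suites the client offered and tests whether the server's selected suite was among them, which is the question the reply says to settle from a trace. The function names are hypothetical, the sample bytes are constructed rather than captured, and the parser assumes one whole handshake message per record.

```python
import struct

# IANA code point of TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (the SSL_... name above).
DH_ANON_EXPORT_DES40 = 0x0019

def handshake_messages(stream):
    """Yield (msg_type, body) from cleartext TLS/SSLv3 records.
    Assumption: each record holds exactly one whole handshake message."""
    pos = 0
    while pos + 5 <= len(stream):
        rec_type, _version, rec_len = struct.unpack_from("!BHH", stream, pos)
        frag = stream[pos + 5:pos + 5 + rec_len]
        pos += 5 + rec_len
        if rec_type == 22 and len(frag) >= 4:      # 22 = handshake record
            yield frag[0], frag[4:4 + int.from_bytes(frag[1:4], "big")]

def _after_session_id(hello):
    pos = 2 + 32                                   # version + random
    return pos + 1 + hello[pos]                    # skip session_id

def offered_suites(client_hello):
    pos = _after_session_id(client_hello)
    (nbytes,) = struct.unpack_from("!H", client_hello, pos)
    return [struct.unpack_from("!H", client_hello, pos + 2 + i)[0]
            for i in range(0, nbytes, 2)]

def selected_suite(server_hello):
    return struct.unpack_from("!H", server_hello, _after_session_id(server_hello))[0]

def check_handshake(stream):
    offered, selected = [], None
    for msg_type, body in handshake_messages(stream):
        if msg_type == 1:                          # ClientHello
            offered = offered_suites(body)
        elif msg_type == 2:                        # ServerHello
            selected = selected_suite(body)
    return {"offered": offered, "selected": selected,
            "selected_was_offered": selected in offered,
            "anon_export_offered": DH_ANON_EXPORT_DES40 in offered}

# Constructed sample bytes (not a real capture): a client offering three RSA
# suites and a server choosing the first of them.
def make_record(msg_type, body):
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(msg)) + msg

HELLO_PREFIX = b"\x03\x01" + bytes(32) + b"\x00"   # version, random, empty session_id
CLIENT_HELLO = HELLO_PREFIX + struct.pack("!4H", 6, 0x002F, 0x0035, 0x000A) + b"\x01\x00"
SERVER_HELLO = HELLO_PREFIX + struct.pack("!H", 0x002F) + b"\x00"
SAMPLE = make_record(1, CLIENT_HELLO) + make_record(2, SERVER_HELLO)
```

If `anon_export_offered` is false for the client's real ClientHello, any certificate data the tool reports was obtained under whatever suite `selected` shows, not under the one the tool was asked to use.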