Finally spotted the problem after debugging with Wireshark.

The problem is that NSS tool performs handshake with more ciphers than the 
intended cipher.

Can anyone please guide me how to perform handshake with a single cipher 
suite specified? SSL_CipherPrefSet function can be used, but I doubt if I 
can disable all ciphers with the function.
After disabling SSL3, SSL2 and TLS (Using SSL_OptionSet), I am not sure if I 
will be able to perform SSL handshake with a cipher (by only enabling that 
cipher) that is one of the three types of cipher.

Is there any way by which I can specify a cipher list which needs to be 
tested just like OpenSSL provides -cipher option used in OpenSSL?

Thank you for the help.

Regards,
Abhishek

"Nelson Bolyard" <nonelsons...@nobolyardspam.me> wrote in message 
news:tdqdnulbzr1xkk_wnz2dnuvz_ovi4...@mozilla.org...
> On 2009-12-21 02:52 PST, Abhishek Rahirikar wrote:
>> Hello Wan-Teh and All,
>>
>> I am now getting curiously confused with the problem.
>>
>> Another cipher I saw today which has similar issues.
>>
>> Tool using NSS fails to perform handshake with cipher
>> SSL_RSA_WITH_DES_CBC_SHA. But OpenSSL is able to perform handshake with its
>> cipher equivalent DES-CBC-SHA.
>> I am doubtful if this cipher is also not supported by the NSS? If it is so
>> then why this time it fails to handshake?
>> NSS version the tool using is 3.12.
>>
>>> I don't know why the tool can get all the information using
>>> a cipher that NSS doesn't support.   NSS cannot request
>>> the SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA cipher,
>>> so a server cannot possibly select that cipher when
>>> communicating with an NSS-based client.
>>
>> Is there any detail document available for SSL_ForceHandshake.
>
> Have you looked at the online reference manual for libSSL functions?
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1133431
> 


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
