Hi Abhishek,

You can modify the desired cipher set by calling SSL_CipherPrefSet.

See an example at http://mxr.mozilla.org/security/source/security/nss/cmd/tstclnt/tstclnt.c#749

Alexei

Abhishek Rahirikar wrote:
Finally spotted the problem after debugging with wireshark.

The problem is that the NSS tool performs the handshake with more ciphers than the intended cipher.

Can anyone please guide me on how to perform a handshake with a single cipher suite specified? The SSL_CipherPrefSet function can be used, but I doubt if I can disable all ciphers with the function. After disabling SSL3, SSL2 and TLS (using SSL_OptionSet), I am not sure if I will be able to perform an SSL handshake with a cipher (by only enabling that cipher) that is one of the three types of cipher.

Is there any way by which I can specify a cipher list which needs to be tested, just like the -cipher option that OpenSSL provides?

Thank you for the help.

Regards,
Abhishek

"Nelson Bolyard" <nonelsons...@nobolyardspam.me> wrote in message news:tdqdnulbzr1xkk_wnz2dnuvz_ovi4...@mozilla.org...
On 2009-12-21 02:52 PST, Abhishek Rahirikar wrote:
Hello Wan-Teh and All,

I am now getting curiously confused with the problem.

I saw another cipher today which has similar issues.

The tool using NSS fails to perform a handshake with the cipher
SSL_RSA_WITH_DES_CBC_SHA. But OpenSSL is able to perform a handshake with its
equivalent cipher, DES-CBC-SHA.
I am doubtful if this cipher is also not supported by the NSS? If it is so
then why this time it fails to handshake?
The NSS version the tool is using is 3.12.

I don't know why the tool can get all the information using
a cipher that NSS doesn't support.   NSS cannot request
the SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA cipher,
so a server cannot possibly select that cipher when
communicating with an NSS-based client.
Is there any detailed document available for SSL_ForceHandshake?
Have you looked at the online reference manual for libSSL functions?
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1133431



--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
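
The capture check described in the thread (seeing which cipher suites the client really offers), as an added example that is not code from the thread or from NSS: it parses one ClientHello record and reports whether only the intended suite is offered. The function names and the sample bytes are constructed for illustration; it assumes an unfragmented SSL3/TLS record-format ClientHello (not an SSLv2-compatible hello), and 0x0009 is the code point of SSL_RSA_WITH_DES_CBC_SHA.

```c
#include <stddef.h>
#include <stdint.h>
#define SCSV 0x00ff /* TLS_EMPTY_RENEGOTIATION_INFO_SCSV: a signal, not a suite */
#define RANDOM32 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0

/* Constructed SSL 3.0 ClientHello records (not captures). hello_one offers only
 * 0x0009; hello_many offers 0x0004, 0x0005, 0x000a and 0x0009. */
const uint8_t hello_one[] = { 0x16,0x03,0x00,0x00,0x2d, 0x01,0x00,0x00,0x29,
    0x03,0x00, RANDOM32, 0x00, 0x00,0x02, 0x00,0x09, 0x01,0x00 };
const uint8_t hello_many[] = { 0x16,0x03,0x00,0x00,0x33, 0x01,0x00,0x00,0x2f,
    0x03,0x00, RANDOM32, 0x00, 0x00,0x08, 0x00,0x04, 0x00,0x05, 0x00,0x0a,
    0x00,0x09, 0x01,0x00 };

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Copy the cipher_suites of one ClientHello record into out (at most max).
 * Returns how many suites were offered, or -1 if the buffer is not a
 * well-formed, unfragmented SSL3/TLS ClientHello record. */
int hello_suites(const uint8_t *rec, size_t len, uint16_t *out, size_t max)
{
    size_t end, pos, n, i;
    if (len < 9 || rec[0] != 0x16 || rec[5] != 0x01) return -1; /* handshake, client_hello */
    end = 9 + (((size_t)rec[6] << 16) | be16(rec + 7)); /* end of handshake body */
    if (end > len || end > 5 + be16(rec + 3)) return -1;
    pos = 9 + 2 + 32;                    /* skip client_version and random */
    if (pos >= end) return -1;
    pos += 1 + rec[pos];                 /* skip session_id */
    if (pos + 2 > end) return -1;
    n = be16(rec + pos);                 /* cipher_suites length in bytes */
    pos += 2;
    if (n == 0 || n % 2 || pos + n > end) return -1;
    for (i = 0; i < n / 2 && i < max; i++)
        out[i] = (uint16_t)be16(rec + pos + 2 * i);
    return (int)(n / 2);
}

/* 1 if want is offered and nothing else is (the SCSV is ignored), 0 if another
 * suite is offered or want is missing, -1 if the record cannot be parsed. */
int offers_only(const uint8_t *rec, size_t len, uint16_t want)
{
    uint16_t s[64];
    int n = hello_suites(rec, len, s, 64), i, seen = 0;
    if (n < 0) return -1;
    for (i = 0; i < n; i++) {
        if (i >= 64 || (s[i] != want && s[i] != SCSV)) return 0;
        if (s[i] == want) seen = 1;
    }
    return seen;
}
```

Feed it the first record the client sends, exported from the capture as raw bytes; a result of 0 means the client is still offering suites other than the one under test.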
