Robert Relyea wrote:
this is your overall problem. If NSS does not have a cipher enabled,
it will neither advertise it nor select it, no matter where it is on the
list.
There are two possible reasons for this:
1) New Ciphers are not enabled by default, you need to explicitly turn
on that cipher in the application.
(you can do this in selfserv and tstclnt with just by cipher suite
number). Some applications query the available ciphers and turn them on
automatically, others will need to be modified.
2) All ciphers are checked to make sure there is an implementation for
the cipher (that is there is a PKCS #11 module that implements that
cipher). If your PKCS #11 module is not loaded, the cipher will never be
enabled. Since you got S/MIME to work, I'm presuming you have a PKCS #11
mechanism number for the cipher already and that mechanism is already
implemented in some PKCS #11 module.
I had already did what you suggested but it helps me to know exactly
what needed to be changed. But it still didn't worked. I tried to do the
very same thing with an already-implemented cipher (camellia) and it
worked. Therefore I have done something wrong somewhere in NSS.
I'll now track down Camellia everywhere in the code (one more time) and
look for what I've missed.
Thank you Robert for your help.
Gregory.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
