Robert Relyea a écrit :
In sslsock.c, I print ssl3_CipherPrefSetDefault and I can see that my
cipher is not enabled.
Do you have any hints/tests which could help me ? Some tests I could do ?
What am I missing ?
OK, this is your overall problem. If NSS does not have a cipher enabled,
it will neither advertise it nor select it, no matter where it is on the
list.
There are two possible reasons for this:
1) New Ciphers are not enabled by default, you need to explicitly turn
on that cipher in the application.
(you can do this in selfserv and tstclnt with just by cipher suite
number). Some applications query the available ciphers and turn them on
automatically, others will need to be modified.
2) All ciphers are checked to make sure there is an implementation for
the cipher (that is there is a PKCS #11 module that implements that
cipher). If your PKCS #11 module is not loaded, the cipher will never be
enabled. Since you got S/MIME to work, I'm presuming you have a PKCS #11
mechanism number for the cipher already and that mechanism is already
implemented in some PKCS #11 module.
I finally managed to have my cipher enabled. However it is still not
picked at the negociation. I did my tests and build OpenSSL several
times with Camellia enabled and as a priority and the same thing with
NSS. It works.
I did it one more time with SEED. Each time I manage to achieve what I
want with other ciphers.
As I said I would do, I looked every where in the code where the word
"camellia" appears and my code is very much alike. I really don't know.
What's your opinion ?
Gregory.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
