On Sat, Apr 20, 2002 at 04:39:05AM +0200, Tamas TEVESZ wrote:
> in my code, i'm setting up acceptable ssl ciphers, which is pretty
> much everything my pike7.2 installation knows about:
>
> context->preferred_suites = ({
[...]
> SSL_rsa_with_3des_ede_cbc_sha,
[...]
> });
>
[...]
> i know Matthew won't like me for this :), but the setup is pretty much
> expecting opportunistic encryption (so no certs on the exim side, nor
> on the client side).

Nothing to do with my liking it or not ;-) but if you use SSL_rsa_... then
you must have at least one certificate, as the RSA methods send half a
secret encrypted with the server's key (and a certificate needs to be
presented to do this). I'd say that you ought to only use the SSL_dh (not
sure about the _dhe_ suites, not come across those before) if you want to
support no *server* certificates. Even then, I'm not sure if SSL allows
you to do this.
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
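
Added example, not part of the original thread and not Pike or exim code: a Python check that sorts a preferred_suites-style list by whether each suite's key exchange needs a server certificate. In the SSL 3.0 / TLS 1.0 handshake only the dh_anon key exchange omits the certificate. The names parse_suite, audit and KEX_NEEDS_CERT are hypothetical, and every sample suite name except SSL_rsa_with_3des_ede_cbc_sha is constructed in the same naming style.

```python
import re

# Key exchange -> must the server present a certificate?
KEX_NEEDS_CERT = {
    "rsa": True,      # client encrypts the premaster secret to the cert's RSA key
    "dh_rsa": True,   # fixed DH parameters are carried in the certificate
    "dh_dss": True,
    "dhe_rsa": True,  # ephemeral DH parameters are signed with the cert's key
    "dhe_dss": True,
    "dh_anon": False, # unsigned DH parameters, no certificate sent
}
SUITE_RE = re.compile(r"^(?:SSL|TLS)_(?P<kex>.+?)_with_(?P<bulk>.+)$", re.IGNORECASE)

def parse_suite(name):
    """Split 'SSL_<kex>_with_<bulk>' into (kex, bulk), lower-cased."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("not an SSL/TLS suite name: %r" % name)
    kex = m.group("kex").lower()
    if kex.endswith("_export"):          # e.g. rsa_export -> rsa
        kex = kex[: -len("_export")]
    return kex, m.group("bulk").lower()

def audit(preferred_suites, have_server_cert):
    """Group suites by what a server with or without a certificate can offer."""
    report = {"usable": [], "needs_cert": [], "anonymous": [], "unknown": []}
    for name in preferred_suites:
        try:
            needs_cert = KEX_NEEDS_CERT[parse_suite(name)[0]]
        except (ValueError, KeyError):
            report["unknown"].append(name)
            continue
        if not needs_cert:
            # Negotiable without a certificate, but the server is not
            # authenticated, so an active man-in-the-middle goes undetected.
            report["anonymous"].append(name)
        elif have_server_cert:
            report["usable"].append(name)
        else:
            report["needs_cert"].append(name)  # cannot be negotiated
    return report

# Constructed sample list (only the first name appears in the thread).
SAMPLE = ["SSL_rsa_with_3des_ede_cbc_sha", "SSL_dhe_rsa_with_3des_ede_cbc_sha",
          "SSL_dh_dss_with_des_cbc_sha", "SSL_dh_anon_with_3des_ede_cbc_sha"]

if __name__ == "__main__":
    for group, names in audit(SAMPLE, have_server_cert=False).items():
        print(group, names)
```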