I can partially answer question #1. Yes, the client sends the list of
ciphers it supports to the server. The server will then pick the
'strongest' cipher from the list for negotiating the session. The
priority is based on strength, best I can tell, and differs between
server implementations. For instance, IIS and Apache will negotiate
slightly differently as far as what each considers 'stronger'.

If your definition of random is each web server platform being a bit
different in negotiation, then yes it is random (sarcasm)

Hope that helps,
Brian Trzupek

On Mar 4, 2008, at 5:28 AM, Baur, Mateus (Brazil R&D-CL) wrote:

> Hi All,
>
> I have some doubts regarding OpenSSL cipher algorithms and I was
> wondering if someone could help me with that.
>
> 1) If my understanding is correct, the client sends the list
> of supported cipher algorithms and the server will choose one
> algorithm of such list in order to establish the secure channel. Is
> there some priority for the algorithms? For instance, will it favor
> AES in lieu of DES whenever supported by the client? Or is the
> algorithm chosen randomly?
> 2) How is the symmetric key negotiated in OpenSSL? Does it use
> Diffie-Hellman or RSA? Or does it vary depending on client request?
> If the second, what is used if client supports both?
>
> Thanks in advance,
> Mateus
>



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
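
The selection asked about in the thread above, as an added example that is not part of the original messages or of OpenSSL's code. It models the documented behaviour of an OpenSSL server for TLS 1.2 and earlier: by default the first suite in the client's order that the server also enables is chosen, and with `SSL_OP_CIPHER_SERVER_PREFERENCE` the server's order is used; the key exchange (question 2) follows from the chosen suite. The lists and function names are constructed for illustration.

```python
"""Model of TLS <= 1.2 cipher-suite selection (constructed lists, OpenSSL suite names)."""


def key_exchange(suite):
    """Key exchange implied by an OpenSSL suite name (covers only these prefixes)."""
    if suite.startswith("ECDHE-"):
        return "ECDHE"
    if suite.startswith(("DHE-", "EDH-")):
        return "DHE"
    return "RSA"  # names such as AES256-SHA carry no prefix: RSA key transport


def select_suite(client_offer, server_enabled, server_preference=False):
    """Return the suite the server picks, or None (handshake failure).

    server_preference=False models OpenSSL's default: walk the client's list
    in the client's order and take the first suite the server also enables.
    server_preference=True models SSL_OP_CIPHER_SERVER_PREFERENCE: walk the
    server's list in the server's order instead.
    """
    if server_preference:
        ordered, allowed = server_enabled, set(client_offer)
    else:
        ordered, allowed = client_offer, set(server_enabled)
    for suite in ordered:
        if suite in allowed:
            return suite
    return None  # no common suite: the handshake cannot complete


# Constructed ClientHello: this client happens to list a single-DES suite first.
CLIENT = ["DES-CBC-SHA", "AES128-SHA", "DHE-RSA-AES256-SHA"]
# Constructed server configuration, in the administrator's order.
SERVER = ["DHE-RSA-AES256-SHA", "AES256-SHA", "AES128-SHA", "DES-CBC-SHA"]
# Same server with single DES disabled, so it can never be selected.
SERVER_NO_DES = [s for s in SERVER if s != "DES-CBC-SHA"]


def report():
    """(policy, chosen suite, key exchange) for each constructed configuration."""
    cases = [("client order (default)", SERVER, False),
             ("server order", SERVER, True),
             ("client order, DES disabled", SERVER_NO_DES, False)]
    rows = []
    for label, enabled, pref in cases:
        suite = select_suite(CLIENT, enabled, pref)
        rows.append((label, suite, key_exchange(suite) if suite else None))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

The choice is deterministic in every case; what the server operator controls is which suites are enabled and whose ordering wins.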