[apache-modules] Please help! with AES

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[apache-modules] Please help! with AES

PJ-7
Can anyone answer this??
 
To implement AES / SSL by default in our Fat Client -> Apache (both of which
are currently using openssl-0.9.7g on Win32) is there anything I need to
alter on the client (SSL startup) or the server (Apache config or mod_ssl)
or will it just default to using AES / SSL.
 
Thanks again.
 
P.S. Our SSL initiation (client) goes like this
 
...
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
m_SSLMeth = SSLv23_client_method();
m_SSLCtx = SSL_CTX_new (m_SSLMeth);
SSL_CTX_set_mode(m_SSLCtx, SSL_MODE_AUTO_RETRY); ...
 
 
Regards
Pj.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [apache-modules] Please help! with AES

Sander Temme
Hey Pj,

On Nov 9, 2005, at 7:27 PM, Pj wrote:

> Can anyone answer this??

Can you tell me what the connection is between your question and  
Apache module development?

> To implement AES / SSL by default in our Fat Client -> Apache (both  
> of which
> are currently using openssl-0.9.7g on Win32) is there anything I  
> need to
> alter on the client (SSL startup) or the server (Apache config or  
> mod_ssl)
> or will it just default to using AES / SSL.
>
> Thanks again.
>
> P.S. Our SSL initiation (client) goes like this
>
> ...
> SSL_load_error_strings();
> SSLeay_add_ssl_algorithms();
> m_SSLMeth = SSLv23_client_method();
> m_SSLCtx = SSL_CTX_new (m_SSLMeth);
> SSL_CTX_set_mode(m_SSLCtx, SSL_MODE_AUTO_RETRY); ...
The way SSL works is that during the handshake, the client offers up  
a list of ciphers it knows and/or wants to use. The server gets to  
pick which cipher is actually used for the connection. So, if you  
either:

a) program your client to offer only a cipher that uses AES for  
symmetric encryption, or
b) configure your server to only accept such cipher(s)

you should be OK. I'm not sure exactly how to do this; you may be  
better off asking your question in a forum dedicated to OpenSSL or  
mod_ssl.

S.

smime.p7s (3K) Download Attachment