kolos_ws@xxxxxxxx wrote:
> Hi Philippe,
>
>> Very interesting documentation. Certainly worth adding to the SSL
>> wiki page.
>>
>> Is there any way I can validate that my client is using a DH algorithm ?
>>
>> I looked at the trace again, the thing that looks like choosing the
>> protocol is the following :
>>
>> TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
>> Content Type: Change Cipher Spec (20)
>> Version: TLS 1.0 (0x0301)
>> Length: 1
>> Change Cipher Spec Message
>>
>> But it does not mention any protocol names. Nor does it in the debug
>> log.
>
> In the trace, look at the Server Hello.
>
> It should contain something like 'Cipher Suite'.
>
> I've just done a quick test, and for me, it looks like:
> "Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)"
>
Handshake Protocol: Server Hello
[...]
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
I don't see any DH here, so maybe that's not the problem.
> If you're using Firefox as your client, you can view what it's
> configured to use by typing 'about:config' in your address bar.
It's a SOAP call done from a python soap implementation. I should be
able to configure it somewhere but I am not sure of what I should put.
cheers,
Philippe