
RE: SSL for Europe

From: Olga Antropova <olga@goliath.eai.com>
Date: Wed, 15 Sep 1999 10:11:02 -0500 (CDT)
Message-ID: <XFMail.990915101102.olga@eai.com>
To: Grohmann Peter EBK <GrohmannP@Graz.Spardat.at>
Cc: "www-lib@w3.org" <www-lib@w3.org>

Hello Peter,

If you use OpenSSL you can just set the ciphers so that it is only capable of
doing a particular encryption algorithm.

I did the following (where ssl is of type SSL * )
 
            //with BSAFE SSL-C package
            retval = SSL_set_cipher_list(ssl, "DEFAULT:EXP");   

            //with OpenSSL package
            //retval = SSL_set_cipher_list(ssl, "EXP-RC4-MD5"); 
            //retval = SSL_set_cipher_list(ssl, "EXP-RC2-CBC-MD5"); 
            
            retval = SSL_connect(ssl);
        
It gives 40 bit encryption strength.

As for https proxy - it is very hard to put it into the library. I am working
on it now (just because I have the same urgent goals as you do...). When I am
done I will sketch where, what and why I changed and send email to the library.
I estimate that I will need one more week at least. 

Basically with the https proxy:

        1) Be sure to set KeepAliveTimeout on https server to nonzero
           (default is 0)
        2) Connect to the proxy
        3) Issue "CONNECT proxy_name:proxy_port HTTP/1.0" request. This will
           create the channel between your application and https server over
           which they can talk SSL. Https proxy just passes the traffic
           through w/o examining it.
        4) Restart request in a new HTTPSProxyAfterFilter after resetting
           the request method to METHOD_GET
        5) Substitute the streams in the connected channel by HTSSLWriter and
           HTSSLReader.
        6) Have the mechanism to reconnect through the https proxy if broken
           pipe happens (which depends on timeouts on both https server and
           https proxy, and which happens often for me).
        7) Try not to break existing functionality :-)


Olga Antropova.


On 15-Sep-99 Grohmann Peter EBK wrote:
> Hi!
> 
> I would need a 56-bit version of SSL for the libwww. Has anyone such code? I
> need it very much and as fast as possible to access https-server.
> 
> Thanx for response
> Peter Grohmann
Received on Wednesday, 15 September 1999 11:12:29 UTC
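
The CONNECT exchange in steps 2 and 3 of the message above, as an added example that is not part of the original post and is not libwww code: it builds the request and decides from the proxy's reply whether SSL may start and at which byte. It assumes the authority in the request line is the destination HTTPS server's host and port; the function names, www.example.org and the 8192-byte header limit are assumptions.

```c
/* Added example, not libwww code: the CONNECT exchange from step 3. */
#include <stdio.h>
#include <string.h>

/* Write "CONNECT host:port HTTP/1.0" into out. Returns the request length,
 * or -1 if host holds anything but printable ASCII (CR/LF would let a caller
 * smuggle extra header lines to the proxy) or the buffer is too small. */
int build_connect(char *out, size_t cap, const char *host, unsigned port)
{
    if (!host || !*host || port == 0 || port > 65535) return -1;
    for (const char *p = host; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c <= ' ' || c >= 0x7f) return -1;
    }
    int n = snprintf(out, cap, "CONNECT %s:%u HTTP/1.0\r\n\r\n", host, port);
    return (n > 0 && (size_t)n < cap) ? n : -1;
}

/* Inspect the bytes read from the proxy so far.
 *   0  : header block incomplete, keep reading
 *   >0 : 2xx reply; value is the offset of the first byte after the blank
 *        line, i.e. where the SSL stream begins
 *   -1 : refused, malformed or oversized reply; do not start SSL */
long parse_connect_reply(const char *buf, size_t len)
{
    size_t end = 0;
    for (size_t i = 0; i + 3 < len && !end; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) end = i + 4;
    if (!end) return len > 8192 ? -1 : 0;
    if (len < 13 || memcmp(buf, "HTTP/1.", 7) != 0) return -1;
    if ((buf[7] != '0' && buf[7] != '1') || buf[8] != ' ') return -1;
    for (int i = 9; i < 12; i++)
        if (buf[i] < '0' || buf[i] > '9') return -1;
    if (buf[12] != ' ' && buf[12] != '\r') return -1;
    return buf[9] == '2' ? (long)end : -1;
}

int main(void)
{
    /* Constructed sample: proxy reply followed by two bytes of SSL data. */
    const char reply[] = "HTTP/1.0 200 Connection established\r\n\r\n\x16\x03";
    char req[128];
    int n = build_connect(req, sizeof req, "www.example.org", 443);
    printf("request (%d bytes): %s", n, req);
    printf("SSL data starts at offset %ld\n",
           parse_connect_reply(reply, sizeof reply - 1));
    return 0;
}
```

Bytes at or after the returned offset belong to the SSL stream and must be handed to the SSL reader rather than discarded with the proxy headers.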
