[Mono-bugs] [Bug 78075][Nor] Changed - Mono SSL stack performance/tuning issues

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Apr 12 17:13:50 EDT 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/78075	2006-04-12 16:59:43.000000000 -0400
+++ shadow/78075.tmp.29839	2006-04-12 17:13:50.000000000 -0400
@@ -276,6 +276,24 @@
 6.6.2 was written in C, and used gnutls.
 We can try to make our tomcat use RC4/128bit, but is there a way to do
 this on the client side?  It's fairly likely that our client will be
 pointed at a https server that is running some other software (like
+------- Additional Comments From sebastien at ximian.com  2006-04-12 17:13 -------
+You cannot(*) do this at the client side because, by (good) design,
+it's a server decision.
+The server "owns" the data so it has to make the decision to select
+the "best" cipher to do the job (from the client list of supported
+ciphers). If the client doesn't have any cipher "good enough" then the
+server shouldn't complete the handshake.
+See it another way, if a cipher is broken today, it would be easier
+(and safer) to update the servers than the clients ;-)
+(*) there is no API to do so but in theory you could limit the client
+list of ciphers (down to a single one if required), then the server 
+would have the choice to (a) use that or (b) fail.
+p.s. I'm still curious about the cipher selection done using 6.6.2 :)

More information about the mono-bugs mailing list