[Mono-bugs] [Bug 78075][Nor] Changed - Mono SSL stack performance/tuning issues

bugzilla-daemon at bugzilla.ximian.com
Wed Apr 12 17:13:50 EDT 2006


Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=78075

--- shadow/78075	2006-04-12 16:59:43.000000000 -0400
+++ shadow/78075.tmp.29839	2006-04-12 17:13:50.000000000 -0400
@@ -276,6 +276,24 @@
 6.6.2 was written in C, and used gnutls.
 
 We can try to make our tomcat use RC4/128bit, but is there a way to do
 this on the client side?  It's fairly likely that our client will be
 pointed at a https server that is running some other software (like
 apache).
+
+------- Additional Comments From sebastien at ximian.com  2006-04-12 17:13 -------
+You cannot(*) do this at the client side because, by (good) design,
+it's a server decision.
+
+The server "owns" the data so it has to make the decision to select
+the "best" cipher to do the job (from the client list of supported
+ciphers). If the client doesn't have any cipher "good enough" then the
+server shouldn't complete the handshake.
+
+See it another way, if a cipher is broken today, it would be easier
+(and safer) to update the servers than the clients ;-)
+
+(*) there is no API to do so but in theory you could limit the client
+list of ciphers (down to a single one if required), then the server 
+would have the choice to (a) use that or (b) fail.
+
+p.s. I'm still curious about the cipher selection done using 6.6.2 :)
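
Review bot: the opening "You cannot(*) do this at the client side" reads as absolute until the footnote near the end, which says the client list of ciphers could in theory be limited but that there is no API to do so. Moving that qualification up beside the first sentence, and stating whether the limit would need a new setting or a source change in the client, would give the reporter an actionable next step. The p.s. about the cipher selection done using 6.6.2 is still an open question; recording it as an explicit request for the cipher negotiated by each client version would let the performance comparison be made on the same cipher.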
