[openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error
Rajeswari K
raji.kotamraju at gmail.com
Tue Feb 3 03:17:26 UTC 2015
Hello Dave,
Thanks for responding. Following is the output printed by openssl
./openssl req -in csr.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: CN=eccert/unstructuredName=xxxx
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
Attributes:
Requested Extensions:
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: ecdsa-with-SHA256
Please share is there any issue with these parameters?
Thanks,
Rajeswari.
On Tue, Feb 3, 2015 at 8:28 AM, Dave Thompson <dthompson at prinpay.com> wrote:
> > From: openssl-users On Behalf Of Rajeswari K
> > Sent: Sunday, February 01, 2015 21:18
>
> > Am facing an issue of "no shared cipher" error during SSL Handshake,
> > when tried to negotiate ECDHE cipher suite.
> <snip>
> > *Feb 2 01:00:47.894: SSL_accept:error in SSLv3 read client hello C
> > *Feb 2 01:00:47.894: 3854049196:error:1408A0C1:SSL routines:
> > SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:1381:
>
> > Have updated with temporary ECDH callback during SSL Server
> initialization.
>
> > ECDSA certificate is being signed using openssl commands.
>
> How was the keypair and CSR generated? In particular, check the
> publickey in the CSR, and thus in the cert, has the curve encoded in
> "named" form (as an OID) not "explicit" form (with all the details of
> prime or polynomial, equation coefficients, base point, and cofactor).
>
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150203/10c5cca7/attachment.html>
More information about the openssl-users
mailing list