[openssl-users] Parameters for using ECDHE and ECDSA
Matt Caswell
matt at openssl.org
Thu Feb 5 19:31:09 UTC 2015
On 05/02/15 18:31, Florence, Jacques wrote:
> Hello,
>
> I am trying to use ECDHE and ECDSA on a simple OpenSSL application.
>
> Here are the steps I did relevant to the problem at hand:
>
> I generated the key and certificate with ECDSA.
>
> Then I load the cert and the key with SSL_CTX_use_PrivateKeyFile
>
> I select the ciphers: SSL_CTX_set_cipher_list(ctx,
> "ECDHE-ECDSA-AES128-GCM-SHA256");
>
> But when I try to connect, the server tells me no shared cipher.
>
> I don’t know where this comes from. I am using TLSv1_2_method().
>
> Do I need to load some parameters like with PEM_read_bio_DHparams and
> SSL_CTX_set_tmp_dh ?

Yes. If you are using OpenSSL 1.0.2 you can use:

    SSL_CTX_set_ecdh_auto

The above will automatically select a suitable ECDH curve to use.
Otherwise you can set a curve explicitly using:

    SSL_CTX_set_tmp_ecdh

Matt