[openssl-users] ECDSA Certificate does not work
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Apr 28 06:24:08 UTC 2016
On Thu, Apr 28, 2016 at 07:44:53AM +0200, Danny wrote:
> Dear OpenSSL users,
>
> I've been trying to get an ECDSA certificate to work with a postfix
> installation lately.
> , however, it seems that when I try to use the aECDSA protocol with a
> client the server gives "no shared cipher" errors.
>
> I had created the certificate like the following:
>
> openssl ecparam -name secp521r1 -genkey -param_enc explicit -out
> private/ec-email-server.pem
TLS does not support explicit EC parameters. You must use a named
curve by OID. The "-param_enc explicit" option must not be used.
You must also enable ECDHE in s_server to use ECDSA, since neither
RSA key transport nor DHE are possible.
--
Viktor.
More information about the openssl-users
mailing list