[openssl-users] OpenSSL-1.1-pre5 SSL_CTX_set_tmp_dh_callback
pepone.onrez
pepone.onrez at gmail.com
Fri Jul 1 10:24:28 UTC 2016
Hi,
I am trying to update my software to use OpenSSL-1.1 and I am having problems
with DH callbacks.
When built with 1.1.0-pre5 the callback set with SSL_CTX_set_tmp_dh_callback
is not being called; when using 1.0.x it is called as expected.
I have built 1.1.0-pre5 from sources with the default configuration. Do I
need any special build option for this to work?
In my test the server and client enable only ADH ciphers. I see the
following ciphers are enabled:
ADH-AES256-GCM-SHA384
ADH-AES128-GCM-SHA256
ADH-AES256-SHA256
ADH-CAMELLIA256-SHA256
ADH-AES128-SHA256
ADH-CAMELLIA128-SHA256
ADH-AES256-SHA
ADH-CAMELLIA256-SHA
ADH-AES128-SHA
ADH-SEED-SHA
ADH-CAMELLIA128-SHA
ADH-DES-CBC3-SHA
The connection fails with:
error # = 337002677
message = error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available
I assume this is related to the DH callback not being called, and so
ADH ciphers cannot be used?
Any ideas why the DH callback is not being called? As I say, the code
works fine with all previous OpenSSL versions.
Regards,
José