[openssl-users] Multiple reconnection in OpenSSL 1.1.0

Matt Caswell matt at openssl.org
Tue Jan 16 11:04:45 UTC 2018



On 16/01/18 10:31, Huy Cong Vu wrote:
> OpenSSL_add_all_algorithms(); 
> SSL_load_error_strings();

You do not need to make the above two calls in 1.1.0. They are called
automatically.

> //Setup curves parameters
> EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
> SSL_CTX_set_tmp_ecdh (ctx_in, ecdh);
> EC_KEY_free(ecdh);

You do not need to do this in 1.1.0. Curve parameters are set up
automatically.


> 
> //Set options
> SSL_CTX_set_options(ctx_in, SSL_OP_SINGLE_ECDH_USE && SSL_MODE_AUTO_RETRY);

You are using logical && here instead of boolean |. This will mean that
these options are not correctly set. In any case SSL_OP_SINGLE_ECDH_USE
is not needed and is unused in 1.1.0 (it has the value 0). This is the
default (and only) mode of operation anyway for 1.1.0.

>     //wait on buffer
>     int bytes = SSL_read(ssl, buf, sizeof(buf));
>     //here bytes return -1, and there is no error with SSL_get_errors

Try calling ERR_print_errors_fp() here to see if you get any clues.

Matt


