<div dir="ltr"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">Hello, </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">It's possible I'm doing something wrong here, but I can't seem to negotiate ecdhe with an elliptic curve other than P-256. To reproduce the issue, using openssl 1.0.2 </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">openssl s_server  -key server.key -cert server.crt -msg -debug -dhparam dhparam.pem  -cipher ECDHE-RSA-AES128-SHA -tls1_2 </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">gnutls-cli 127.0.0.1 -p 4433 -d 4 --insecure --priority="NORMAL:-KX-ALL:+</span><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">ECDHE-RSA:-CURVE-ALL:+CURVE-</span><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">SECP224R1" </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">which gives the error </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">:SSL routines:ssl3_get_client_</span><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">hello:no shared cipher:s3_srvr.c:1366: </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br>changing to p256r1 succeeds. <span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">is there a particular why the negotation would fail with p224 ? my understanding is that openssl supports all the nist curves. </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">Regards, </span><br style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">David </span><br></div>