<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000099">
<font face="Calibri">Interesting; is this a server-side requirement?
I ask because with 1.0.2g my client using "AECDH+AES:ADH+AES"
makes a TLS 1.2 connection with AECDH-AES256-SHA without calling
this function or similar.<br>
<br>
Regards,<br>
jjf<br>
</font><br>
<div class="moz-cite-prefix">On 25/05/2016 21:31, Norm Green wrote:<br>
</div>
<blockquote
cite="mid:aeb1c279-baa1-dfe3-8437-fbe7bab447bd@gemtalksystems.com"
type="cite">Yes! That was the problem. In order to use cipher
"AECDH", SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.
<br>
<br>
Thanks Michael!!
<br>
<br>
Norm
<br>
<br>
<br>
On 5/24/16 15:52, Michael Wojcik wrote:
<br>
<blockquote type="cite">
<blockquote type="cite">From: openssl-users
[<a class="moz-txt-link-freetext" href="mailto:openssl-users-bounces@openssl.org">mailto:openssl-users-bounces@openssl.org</a>] On Behalf
<br>
Of Norm Green
<br>
Sent: Tuesday, May 24, 2016 13:40
<br>
<br>
I've tried both:
<br>
<br>
SSL_CTX_set_cipher_list("AECDH")
<br>
<br>
and:
<br>
<br>
SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
<br>
<br>
on both the client and server side, both of which result in
the dreaded
<br>
"no shared cipher" error:
<br>
<br>
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
<br>
cipher:s3_srvr.c:1417:
<br>
</blockquote>
You might run a wire trace to see what suites the client is
actually advertising.
<br>
<br>
And you are using TLS, right?
<br>
<br>
For AECDH* (or any ECC suite), don't you have to tell OpenSSL
what curve to use? I haven't implemented that bit myself in any
applications, but my understanding is that with OpenSSL 1.0.2
you can just call SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you
have to specify a particular named curve with
SSL_CTX_set_tmp_ecdh.
<br>
</blockquote>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
J. J. Farrell
Not speaking for Oracle
</pre>
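<p>Added example, not part of the thread and not OpenSSL source: a simplified C model of the server-side suite selection behind the "no shared cipher" error quoted above. It assumes that ephemeral-ECDH suites such as AECDH-AES256-SHA become eligible only once the server context has a curve (the SSL_CTX_set_ecdh_auto or SSL_CTX_set_tmp_ecdh call Michael names). The bit values, the suite table, <code>server_cfg</code>, <code>choose_cipher</code> and <code>negotiate_aecdh</code> are constructed for the illustration.</p>

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenSSL source. Bit values and suite table are constructed. */
enum { K_RSA = 1, K_ECDHE = 2 };   /* key-exchange classes */
enum { A_RSA = 1, A_NULL = 2 };    /* authentication classes */
struct suite { const char *name; unsigned kx, auth; };
static const struct suite SUITES[] = {
    { "AECDH-AES256-SHA",     K_ECDHE, A_NULL },
    { "ECDHE-RSA-AES256-SHA", K_ECDHE, A_RSA  },
    { "AES256-SHA",           K_RSA,   A_RSA  },
};

struct server_cfg {
    int has_rsa_cert;     /* certificate and private key loaded */
    int ecdh_configured;  /* assumed set by SSL_CTX_set_ecdh_auto(ctx, 1) or SSL_CTX_set_tmp_ecdh */
};

/* First client-offered suite that the server lists and can serve; NULL models "no shared cipher". */
const char *choose_cipher(const struct server_cfg *cfg,
                          const char *const *client, size_t nclient,
                          const char *const *server, size_t nserver) {
    unsigned mask_k = 0, mask_a = A_NULL;          /* anonymous auth needs no certificate */
    if (cfg->has_rsa_cert)    { mask_k |= K_RSA; mask_a |= A_RSA; }
    if (cfg->ecdh_configured) mask_k |= K_ECDHE;   /* ephemeral ECDH needs a curve */
    for (size_t i = 0; i < nclient; i++)
        for (size_t j = 0; j < nserver; j++) {
            if (strcmp(client[i], server[j]) != 0) continue;
            for (size_t k = 0; k < sizeof SUITES / sizeof SUITES[0]; k++)
                if (strcmp(SUITES[k].name, client[i]) == 0 &&
                    (SUITES[k].kx & mask_k) && (SUITES[k].auth & mask_a))
                    return SUITES[k].name;
        }
    return NULL;
}

/* The thread's scenario: both peers list only AECDH-AES256-SHA and no certificate is loaded. */
const char *negotiate_aecdh(int ecdh_configured) {
    static const char *const list[] = { "AECDH-AES256-SHA" };
    struct server_cfg cfg = { 0, ecdh_configured };
    return choose_cipher(&cfg, list, 1, list, 1);
}

int main(void) {
    const char *a = negotiate_aecdh(0), *b = negotiate_aecdh(1);
    printf("no curve: %s\nwith curve: %s\n",
           a ? a : "no shared cipher", b ? b : "no shared cipher");
    return 0;
}
```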
</body>
</html>