<div dir="ltr"><div>I got my application to support openssl s_client connections using the ephemeral ECDH cipher suites. I didn't initialize it properly.<br><br></div><div>Now I am looking at how to get my application accept openssl connections from a client with multiple curves instead of just "NID_X9_62_prime256v1". I appreciate any tips.<br> EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);<br><br></div><div>Thanks!<br><br></div><div>Jordan.<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 8, 2016 at 12:12 PM, yordanos beyene <span dir="ltr"><<a target="_blank" href="mailto:yordanosb@gmail.com">yordanosb@gmail.com</a>></span> wrote:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><font face="Courier New">Hello,</font></div><div><font face="Courier New"><br></font></div><div><font face="Courier New">I appreciate if anyone can guide me how to set temporary EC Diffie-Hellman parameters to be able to accept SSL connections from a client using ephemeral ECDHE cipher.</font></div><div><font face="Courier New"><br></font></div><div><font face="Courier New">I have an ssl based application that can accept SSL connections. </font><font face="Courier New">I can establish SSL connections from a client using RSA cipher ( eg AES128-SHA), b</font><font face="Courier New">ut when I use the ephemeral EDHE ciphers (eg ECDHE-RSA-AES128-SHA), the SSL handshake fails.</font></div><div><font face="Courier New"></font><br></div><div>I have been googling to understand the issue for several hours, and it looks like I need to set temporary DH parameters.</div><div><br></div><div>I added the following code right after SSL initialization and creating context in my application.</div><div>...<br></div><div> EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);</div><div> ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);<br></div><div> if (! ecdh)<br> error ();<br></div><div> if (1 != SSL_CTX_set_tmp_ecdh (session_cache_ctx, ecdh))<br> return -ENOMEM;</div><div> EC_KEY_free (ecdh);<br></div><font face="Courier New"><div>...</div><div><br></div><div>But it is still not working. I am not familiar with this area, and I greatly appreciate any help.</div><div><br></div><div>I am running OpenSSL 1.0.1<br></div><div><br></div><div>Jordan.<br></div></font><div><br></div></div>
</div><br></div>
</blockquote></div><br></div></div></div></div>