[openssl-users] ecc negotiation

David Rufino david.rufino at gmail.com
Sun Apr 5 21:04:46 UTC 2015


It's possible I'm doing something wrong here, but I can't seem to negotiate
ecdhe with an elliptic curve other than P-256. To reproduce the issue,
using openssl 1.0.2

openssl s_server  -key server.key -cert server.crt -msg -debug -dhparam
dhparam.pem  -cipher ECDHE-RSA-AES128-SHA -tls1_2

gnutls-cli -p 4433 -d 4 --insecure --priority="NORMAL:-KX-ALL:+

which gives the error

:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1366:

changing to p256r1 succeeds. is there a particular why the negotation would
fail with p224 ? my understanding is that openssl supports all the nist

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150405/67342e28/attachment.html>

More information about the openssl-users mailing list