[openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error

Rajeswari K raji.kotamraju at gmail.com
Tue Feb 3 03:17:26 UTC 2015

Hello Dave,

Thanks for responding. Following is the output printed by openssl

./openssl req -in csr.csr -noout -text

Certificate Request:
        Version: 0 (0x0)
        Subject: CN=eccert/unstructuredName=xxxx
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)

                ASN1 OID: prime256v1
        Requested Extensions:
            X509v3 Key Usage: critical
                Digital Signature
    Signature Algorithm: ecdsa-with-SHA256

Please share is there any issue with these parameters?


On Tue, Feb 3, 2015 at 8:28 AM, Dave Thompson <dthompson at prinpay.com> wrote:

> > From: openssl-users On Behalf Of Rajeswari K
> > Sent: Sunday, February 01, 2015 21:18
> > Am facing an issue of "no shared cipher" error during SSL Handshake,
> > when tried to negotiate ECDHE cipher suite.
> <snip>
> > *Feb  2 01:00:47.894: SSL_accept:error in SSLv3 read client hello C
> > *Feb  2 01:00:47.894: 3854049196:error:1408A0C1:SSL routines:
> > SSL3_GET_CLIENT_HELLO:no shared cipher  s3_srvr.c:1381:
> > Have updated with temporary ECDH callback during SSL Server
> initialization.
> > ECDSA certificate is being signed using openssl commands.
> How was the keypair and CSR generated? In particular, check the
> publickey in the CSR, and thus in the cert, has the curve encoded in
> "named" form (as an OID) not "explicit" form (with all the details of
> prime or polynomial, equation coefficients, base point, and cofactor).
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150203/10c5cca7/attachment.html>

More information about the openssl-users mailing list