[openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error
Dave Thompson
dthompson at prinpay.com
Wed Feb 4 12:39:15 UTC 2015
> From: openssl-users On Behalf Of Rajeswari K
> Sent: Monday, February 02, 2015 22:17
> Thanks for responding. Following is the output printed by openssl
> ./openssl req -in csr.csr -noout -text
<snip>
> Subject Public Key Info:
> Public Key Algorithm: id-ecPublicKey
> Public-Key: (256 bit)
> pub:
>
> ASN1 OID: prime256v1

Yes, that is named form. Then I don't know what the problem is.

Generic debugging advice, if you haven't tried these already:

Does the problem occur with s_client to your server?

Does the problem occur with s_client to s_server using the same
cert&key, cipherlist (if not default) and same or reasonable tmp-ECDH?

Actually, that's a thought. You said your server uses tmp-ECDH callback;
does that (always) provide a curve/parameters object that *has* an OID
which maps to one of the TLS standard curves in 4492 (and one specified
in the client hello but your earlier trace looked like the client specified all)?

s_server *only* supports named curves (and defaults to p256).
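
The check suggested in the reply above (is the tmp-ECDH group in named form, and does its OID map to an RFC 4492 curve the client offered), as an added example that is not part of the original post and is not OpenSSL code. The function names, the three-curve subset of the RFC 4492 table, and the sample DER bytes are assumptions constructed for illustration.

```python
# Added example (not from the original thread). Classifies DER-encoded
# ECParameters as named / explicit / implicit and maps a named curve to its
# RFC 4492 NamedCurve id. Names here are hypothetical; samples are constructed.

# Subset of the RFC 4492 curve table: OID -> (name, NamedCurve id)
RFC4492_SUBSET = {
    "1.2.840.10045.3.1.7": ("secp256r1", 23),  # prime256v1 / P-256
    "1.3.132.0.34": ("secp384r1", 24),
    "1.3.132.0.35": ("secp521r1", 25),
}

def decode_oid(body: bytes) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:           # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first octet group packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def classify_ec_params(der: bytes, client_curves=None):
    """Return (form, curve, usable). usable means: named form, curve in the
    table, and (if client_curves is given) offered in the ClientHello list."""
    if len(der) < 2:
        raise ValueError("ECParameters too short")
    tag, length = der[0], der[1]
    if tag == 0x30:                # SEQUENCE: explicit field/curve parameters
        return ("explicit", None, False)
    if tag == 0x05:                # NULL: implicitlyCA
        return ("implicit", None, False)
    if tag != 0x06 or length & 0x80 or len(der) != 2 + length:
        raise ValueError("not a well-formed short-form OID")
    oid = decode_oid(der[2:])
    name, curve_id = RFC4492_SUBSET.get(oid, (oid, None))
    offered = client_curves is None or curve_id in client_curves
    return ("named", name, curve_id is not None and offered)

# Constructed samples
P256 = bytes.fromhex("06082a8648ce3d030107")
BRAINPOOL_P256R1 = bytes.fromhex("06092b2403030208010107")  # not in the subset
EXPLICIT_STUB = b"\x30\x81\xf7" + bytes(247)                # header + zero filler

if __name__ == "__main__":
    for label, der in [("P256", P256), ("brainpool", BRAINPOOL_P256R1), ("explicit", EXPLICIT_STUB)]:
        print(label, classify_ec_params(der, client_curves={23, 24, 25}))
```

The `client_curves` argument stands for the NamedCurve ids taken from the ClientHello's elliptic_curves extension; pass `None` to skip that comparison.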