[openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error

Dave Thompson dthompson at prinpay.com
Wed Feb 4 12:39:15 UTC 2015

> From: openssl-users On Behalf Of Rajeswari K
> Sent: Monday, February 02, 2015 22:17

> Thanks for responding. Following is the output printed by openssl

> ./openssl req -in csr.csr -noout -text 
>        Subject Public Key Info:
>            Public Key Algorithm: id-ecPublicKey
>                Public-Key: (256 bit)
>                pub:
>                ASN1 OID: prime256v1

Yes, that is named form. Then I don't know what the problem is.

Generic debugging advice, if you haven't tried these already:

Does the problem occur with s_client to your server?

Does the problem occur with s_client to s_server using the same 
cert&key, cipherlist (if not default) and same or reasonable tmp-ECDH?

Actually, that's a thought. You said your server uses tmp-ECDH callback; 
does that (always) provide a curve/parameters object that *has* an OID 
which maps to one of the TLS standard curves in 4492 (and one specified 
in the client hello but your earlier trace looked like the client specified all).
s_server *only* supports named curves (and defaults to p256).

More information about the openssl-users mailing list