[openssl-users] Parameters for using ECDHE and ECDSA

Florence, Jacques florencej at us.panasonic.com
Thu Feb 5 23:15:50 UTC 2015


Thanks, I found it!

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Thursday, February 05, 2015 2:31 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Parameters for using ECDHE and ECDSA



On 05/02/15 18:31, Florence, Jacques wrote:
> Hello,
> 
> I am trying to use ECDHE and ECDSA on a simple openSSL application.
> 
> Here are the steps I did relevant to the problem at hand:
> 
> I generated the key and certificate with ECDSA.
> 
> Then I load the cert and the key with SSL_CTX_use_PrivateKeyFile
> 
> I select the ciphers: SSL_CTX_set_cipher_list(ctx, 
> "ECDHE-ECDSA-AES128-GCM-SHA256");
> 
>  
> 
> But when I try to connect, the server tells me no shared cipher.
> 
> I don't know where this comes from. I am using TLSv1_2_method().
> 
> Do I need to load some parameters like with PEM_read_bio_DHparams and 
> SSL_CTX_set_tmp_dh ?

Yes. If you are using OpenSSL 1.0.2 you can use:

SSL_CTX_set_ecdh_auto

The above will automatically select a suitable ECDH curve to use.

Otherwise you can set a curve explicitly using:

SSL_CTX_set_tmp_ecdh

Matt

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


More information about the openssl-users mailing list