[openssl-users] ECDHE Negotiation for Client but not Server

Benn Bollay benn.bollay at gmail.com
Fri Nov 13 19:21:22 UTC 2015

Hi folks -

Tested against OpenSSL 1.0.1f and 1.0.1p (but with modifications).

I've got some code that creates an SSL_CTX (http://pastebin.com/XveDvvch)
that works fine for negotiating ECDHE-* ciphers as a client when talking to
an s_server, but fails as a server both when accepting connections from
itself or from s_client with a no shared cipher error.

You can download a full package to reproduce the issue at

You can run the test by using make:

  $ make all

  $ make s_server & # Run’s OpenSSL s_server in the background

  $ make t_client # Runs the client - should be able to see the handshake
complete on the server’s log window.

  $ make t_server & # After killing the s_server, start up the test server

  $ make s_client # Fails to negotiate.

Any suggestions?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151113/21b240ce/attachment.html>

More information about the openssl-users mailing list