[openssl-users] ECDHE Negotiation for Client but not Server
Benn Bollay
benn.bollay at gmail.com
Fri Nov 13 19:21:22 UTC 2015
Hi folks -
Tested against OpenSSL 1.0.1f and 1.0.1p (but with modifications).
I've got some code that creates an SSL_CTX (http://pastebin.com/XveDvvch)
that works fine for negotiating ECDHE-* ciphers as a client when talking to
an s_server, but fails as a server both when accepting connections from
itself or from s_client with a no shared cipher error.
You can download a full package to reproduce the issue at
http://www.magitech.org/gambit/ecdhetest.tar.gz
You can run the test by using make:
$ make all
$ make s_server & # Run’s OpenSSL s_server in the background
$ make t_client # Runs the client - should be able to see the handshake
complete on the server’s log window.
$ make t_server & # After killing the s_server, start up the test server
$ make s_client # Fails to negotiate.
Any suggestions?
Cheers,
--B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151113/21b240ce/attachment.html>
More information about the openssl-users
mailing list