[openssl-users] ECDSA Certificate does not work

Danny danny.dejong at student.uva.nl
Thu Apr 28 05:44:53 UTC 2016

Dear OpenSSL users,

I've been trying to get an ECDSA certificate to work with a postfix
installation lately.
, however, it seems that when I try to use the aECDSA protocol with a
client the server gives "no shared cipher" errors.

I had created the certificate like the following:

openssl ecparam -name secp521r1 -genkey -param_enc explicit -out
openssl req -new -x509 -key private/ec-email-server.pem -out
certs/ec-email-server.pem -days 365

Now, when I test the certificate with s_server and s_client like:

openssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem
-key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123

I still get "no shared cipher" errors.
I'm guessing openssl restricts the ciphers to those ciphers that use
ECDSA as authentication.
However, maybe openssl doesn't allow me (for some reason) to use ECDSA.
I'm using Debian and my openssl version is:
OpenSSL 1.0.1k 8 Jan 2015

Does anyone know where the issue lies?
Thank you

More information about the openssl-users mailing list