[openssl-users] ECDSA Certificate does not work

Danny danny.dejong at student.uva.nl
Thu Apr 28 05:44:53 UTC 2016


Dear OpenSSL users,

I've been trying to get an ECDSA certificate to work with a postfix
installation lately. However, it seems that when I try to use the aECDSA
protocol with a client, the server gives "no shared cipher" errors.

I had created the certificate like the following:

openssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem
openssl req -new -x509 -key private/ec-email-server.pem -out certs/ec-email-server.pem -days 365

Now, when I test the certificate with s_server and s_client like:

openssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem -key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123

I still get "no shared cipher" errors.
I'm guessing openssl restricts the ciphers to those ciphers that use
ECDSA as authentication.
However, maybe openssl doesn't allow me (for some reason) to use ECDSA.
I'm using Debian and my openssl version is:
OpenSSL 1.0.1k 8 Jan 2015

Does anyone know where the issue lies?
Thank you
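
Added example, not part of the original message: the key above was generated with `-param_enc explicit`, and TLS negotiates elliptic curves by name, so when troubleshooting it is worth checking whether a key file's EC PARAMETERS block holds a named-curve OID or an explicit curve description. The helper names are hypothetical and both sample blocks are constructed (the explicit one is a stand-in, not a real curve).

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN EC PARAMETERS-----(.+?)-----END EC PARAMETERS-----", re.S)

def read_tlv(der):
    """Return (tag, value) of the first DER element in `der`."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    tag, length, pos = der[0], der[1], 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return tag, der[pos:pos + length]

def decode_oid(value):
    """Decode DER OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)  # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)      # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def ec_param_encoding(pem_text):
    """Classify the ECParameters CHOICE in an EC PARAMETERS PEM block."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no EC PARAMETERS block found")
    tag, value = read_tlv(base64.b64decode(m.group(1)))
    if tag == 0x06:                    # OBJECT IDENTIFIER: curve referenced by name
        return "named_curve", decode_oid(value)
    kinds = {0x30: "explicit", 0x05: "implicit"}  # SEQUENCE / NULL
    if tag not in kinds:
        raise ValueError("unexpected tag 0x%02x" % tag)
    return kinds[tag], None

def _pem(der):
    body = base64.encodebytes(der).decode()
    return "-----BEGIN EC PARAMETERS-----\n" + body + "-----END EC PARAMETERS-----\n"

# Constructed samples: OID 1.3.132.0.35 (secp521r1), and SEQUENCE { INTEGER 1 }
NAMED_SAMPLE = _pem(bytes.fromhex("06052b81040023"))
EXPLICIT_SAMPLE = _pem(bytes.fromhex("3003020101"))
```

To check a real key file, pass its text to `ec_param_encoding()`; a key written with `-param_enc named_curve` reports `named_curve` together with the curve's OID.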

