[openssl-users] ECDSA Certificate does not work

Viktor Dukhovni openssl-users at dukhovni.org
Thu Apr 28 06:24:08 UTC 2016


On Thu, Apr 28, 2016 at 07:44:53AM +0200, Danny wrote:
> Dear OpenSSL users,
> 
> I've been trying to get an ECDSA certificate to work with a postfix
> installation lately. However, it seems that when I try to use the
> aECDSA protocol with a client the server gives "no shared cipher" errors.
> 
> I had created the certificate like the following:
> 
> openssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem

TLS does not support explicit EC parameters.  You must use a named
curve by OID.  The "-param_enc explicit" option must not be used.

You must also enable ECDHE in s_server to use ECDSA, since neither
RSA key transport nor DHE are possible.

-- 
	Viktor.
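
The check below is an added example, not part of the original message or of OpenSSL: it reads a SEC1 `EC PRIVATE KEY` and reports whether its curve parameters are a named-curve OID or the explicit form that TLS does not support. The function names and both sample keys are constructed for illustration (dummy key bytes, with a stub standing in for the explicit parameter structure).

```python
import base64
import re

# DER content bytes of curve OIDs commonly accepted by TLS stacks.
NAMED_CURVES = {
    bytes.fromhex("2a8648ce3d030107"): "prime256v1",
    bytes.fromhex("2b81040022"): "secp384r1",
    bytes.fromhex("2b81040023"): "secp521r1",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def ec_param_encoding(der):
    """Classify the ECParameters CHOICE in a SEC1 ECPrivateKey (RFC 5915)."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:  # [0] parameters
            ptag, pval, _ = read_tlv(value)
            if ptag == 0x06:  # OBJECT IDENTIFIER: named curve
                return "named", NAMED_CURVES.get(pval, "unlisted OID")
            # A SEQUENCE here is the explicit (specifiedCurve) form.
            return ("explicit" if ptag == 0x30 else "other"), None
    return "absent", None

def pem_to_der(pem, label="EC PRIVATE KEY"):
    """Extract one PEM block; ecparam output may also hold EC PARAMETERS."""
    m = re.search(f"-----BEGIN {label}-----(.*?)-----END {label}-----", pem, re.S)
    if m is None:
        raise ValueError(f"no {label} block found")
    return base64.b64decode(m.group(1))

def tlv(tag, body):  # builds short-form DER for the samples below (< 128 bytes)
    return bytes([tag, len(body)]) + body

# Constructed samples: dummy key bytes; the explicit one is a stub SEQUENCE.
_head = tlv(0x02, b"\x01") + tlv(0x04, b"\x01" * 66)
NAMED_KEY = tlv(0x30, _head + tlv(0xA0, tlv(0x06, bytes.fromhex("2b81040023"))))
EXPLICIT_KEY = tlv(0x30, _head + tlv(0xA0, tlv(0x30, tlv(0x02, b"\x01"))))
```

For a key file on disk, pass its text through `pem_to_der` first; a result of `"explicit"` means the key needs to be regenerated without `-param_enc explicit`.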

