[openssl-users] 'no shared cipher', TLS_method on OpenSSL-1-1-0-pre7-dev

Jim Carroll jim at carroll.com
Sat Aug 6 20:59:54 UTC 2016 

My bad - needed to initialize SSL_CTX_set_tmp_dh() BEFORE calling SSL_new().

 

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Jim Carroll
Sent: Saturday, August 06, 2016 6:59 AM
To: openssl-users at openssl.org
Subject: [openssl-users] 'no shared cipher', TLS_method on
OpenSSL-1-1-0-pre7-dev

 

Using OpenSSL 1.1.0-pre7-dev, our SSL server app is reporting:

 

10308:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared
cipher:ssl\statem\statem_srvr.c:1420:

 

Client & server both set to use TLS_method() with default ciphers.  With

-DCIPHER_DEBUG enabled in our OpenSSL build, we get the following:

 

0:[00000004:00000008:0000008C:00000014]003C6A08:ECDHE-ECDSA-AES256-GCM-SHA38
4

0:[00000004:00000001:0000008C:00000014]003C6A80:ECDHE-RSA-AES256-GCM-SHA384

0:[00000002:00000001:0000008C:00000014]003C5CAC:DHE-RSA-AES256-GCM-SHA384

0:[00000004:00000008:0000008C:00000014]003C7458:ECDHE-ECDSA-CHACHA20-POLY130
5

0:[00000004:00000001:0000008C:00000014]003C741C:ECDHE-RSA-CHACHA20-POLY1305

0:[00000002:00000001:0000008C:00000014]003C7494:DHE-RSA-CHACHA20-POLY1305

0:[00000004:00000008:0000008C:00000014]003C69CC:ECDHE-ECDSA-AES128-GCM-SHA25
6

0:[00000004:00000001:0000008C:00000014]003C6A44:ECDHE-RSA-AES128-GCM-SHA256

0:[00000002:00000001:0000008C:00000014]003C5C70:DHE-RSA-AES128-GCM-SHA256

0:[00000004:00000008:0000008C:00000014]003C6918:ECDHE-ECDSA-AES256-SHA384

0:[00000004:00000001:0000008C:00000014]003C6990:ECDHE-RSA-AES256-SHA384

0:[00000002:00000001:0000008C:00000014]003C56D0:DHE-RSA-AES256-SHA256

0:[00000004:00000008:0000008C:00000014]003C68DC:ECDHE-ECDSA-AES128-SHA256

0:[00000004:00000001:0000008C:00000014]003C6954:ECDHE-RSA-AES128-SHA256

0:[00000002:00000001:0000008C:00000014]003C5658:DHE-RSA-AES128-SHA256

0:[00000004:00000008:0000008C:00000014]003C64A4:ECDHE-ECDSA-AES256-SHA

0:[00000004:00000001:0000008C:00000014]003C6594:ECDHE-RSA-AES256-SHA

0:[00000002:00000001:0000008C:00000014]003C5400:DHE-RSA-AES256-SHA

0:[00000004:00000008:0000008C:00000014]003C6468:ECDHE-ECDSA-AES128-SHA

0:[00000004:00000001:0000008C:00000014]003C6558:ECDHE-RSA-AES128-SHA

0:[00000002:00000001:0000008C:00000014]003C5310:DHE-RSA-AES128-SHA

0:[00000004:00000008:0000008C:00000014]003C642C:ECDHE-ECDSA-DES-CBC3-SHA

0:[00000004:00000001:0000008C:00000014]003C651C:ECDHE-RSA-DES-CBC3-SHA

0:[00000002:00000001:0000008C:00000014]003C516C:DHE-RSA-DES-CBC3-SHA

0:[00000001:00000001:0000008C:00000014]003C5C34:AES256-GCM-SHA384

0:[00000001:00000001:0000008C:00000014]003C5BF8:AES128-GCM-SHA256

0:[00000001:00000001:0000008C:00000014]003C54F0:AES256-SHA256

0:[00000001:00000001:0000008C:00000014]003C54B4:AES128-SHA256

0:[00000001:00000001:0000008C:00000014]003C5388:AES256-SHA

0:[00000001:00000001:0000008C:00000014]003C5298:AES128-SHA

0:[00000001:00000001:0000008C:00000014]003C50F4:DES-CBC3-SHA

 

It looks like both client & server have a lot of cipher's they could use

together, but for a reason I can't yet understand, the server is refusing to

accept the client's offered ciphers.

 

Could anyone shed any light on this?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160806/925e1d08/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4722 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160806/925e1d08/attachment-0001.bin>

More information about the openssl-users mailing list