[openssl-users] AECDH problem: works in 1.0.2, fails in 1.1

Norm Green norm.green at gemtalksystems.com
Tue Dec 13 21:09:19 UTC 2016


I have a simple C program that works in 1.0.2 but fails with the same 
code in 1.1.
Here's the pseudo code for the client and server:

Server:
   const SSL_METHOD *meth = TLSv1_2_server_method();
   SSL_CTX *ctx = SSL_CTX_new(meth);
   SSL_CTX_set_ecdh_auto(ctx, 1);
   SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
   SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
   SSL_CTX_set_cipher_list(ctx, "AECDH");
   SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
   SSL *ssl = SSL_new(ctx);
   SSL_accept(ssl);


Client:
   const SSL_METHOD *meth = TLSv1_2_client_method();
   SSL_CTX *ctx = SSL_CTX_new(meth);
   SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
   SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
   SSL_CTX_set_cipher_list(ctx, "AECDH");
   SSL *ssl = SSL_new(ctx);
   SSL_connect(ssl);


In 1.1, the client gets this error from SSL_connect():

SSL_connect returned SSL_ERROR_SSL
Details: error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available
ssl/statem/statem_clnt.c at 815


What do I need to do to make AECDH work in 1.1?

Norm Green


