[openssl-users] regarding openssl 1.0.2e
Suman.Patro-TRN
Suman.Patro-TRN at lntebg.com
Tue Jan 19 15:52:25 UTC 2016
Hello,
I am trying with SSL handshake mechanism with ECDSA-ECDHE-AES-SHA and have generated certificates following the below link.
http://this.is.thoughtcrime.org.nz/elliptic-curve-ca-guide
But have certain issues regarding the same.
1. The generated certificates show "The certificate has an invalid signature " and the public key length shown is ECC (0 bits ) . Upon exploring some websites, I understood, it is related to key length restrictions of windows. I am working on windows. But creating ECC keys and signing it by RSA works fine, the problem prevails with ECDSA, how do I resolve the same?
2. The s_server and s_client of openssl are implemented for ECDSA_ECDHE_AES_GCM_SHA384 but the same s_server and s_client work with my ECDHE-RSA certificates as well , How is that possible?The ECDHE-RSA certificates should work invalid. But that's not the case, it works fine. Please explain the underlying reason.
3. The s_server and s_client behave quite uncertain at times i.e the same cipher suite that I input is recognized at one instance and at other instance the same suite is not recognized and I am provided with an error of "no shared cipher error" from the server side. Please explain.
Kindly answer. Any help is highly appreciated.
Thanks and regards,
Suman
[http://www.lntebg.com/images/Digital_Signature_Elecrama_2016.jpg]
Larsen & Toubro Limited
www.larsentoubro.com
This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160119/b1231ffe/attachment.html>
More information about the openssl-users
mailing list