[openssl-users] regarding openssl 1.0.2e

Suman.Patro-TRN Suman.Patro-TRN at lntebg.com
Tue Jan 19 15:52:25 UTC 2016


         I am trying with SSL handshake mechanism with ECDSA-ECDHE-AES-SHA and have generated certificates following the below link.


But have certain issues regarding the same.

1.  The generated certificates show "The certificate has an invalid  signature " and the public key length shown  is ECC (0 bits ) . Upon exploring some websites, I understood, it is related to key length restrictions of windows. I am working on windows. But creating ECC keys and signing it by RSA works fine, the problem prevails with ECDSA, how do I resolve the same?

2. The s_server and s_client of openssl are implemented for ECDSA_ECDHE_AES_GCM_SHA384 but the same  s_server and s_client work with my ECDHE-RSA certificates as well , How is that possible?The ECDHE-RSA certificates should work invalid. But that's not the case, it works fine. Please explain the underlying reason.

3. The s_server and s_client behave quite uncertain at times i.e  the same cipher suite that I input is recognized at one instance and at other instance the same suite is not recognized and I am provided with an error  of "no shared cipher error" from the server side. Please explain.

         Kindly answer. Any help is highly appreciated.

        Thanks and regards,



Larsen & Toubro Limited


This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160119/b1231ffe/attachment.html>

More information about the openssl-users mailing list