[openssl-users] Diffie-Hellman Questions

Norm Green norm.green at gemtalksystems.com
Tue May 24 19:39:38 UTC 2016


I've tried both:

SSL_CTX_set_cipher_list("AECDH")

and:

SSL_CTX_set_cipher_list("AECDH-AES256-SHA")

on both the client and server side, both of which result in the dreaded 
"no shared cipher" error:

error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417:

The following works but is not what I want:

SSL_CTX_set_cipher_list("ADH")


Any suggestions on how to proceed?

Norm Green


On 5/24/16 10:45, Salz, Rich wrote:
>>   >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None"
>> AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
>> AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
>> AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
>> AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
>> AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
>>
>> 1) What arg to SSL_CTX_set_cipher_list() do I need to use to get these?
>> I previously tried "kEECDH:kEDH" and that didn't work.
> Use one of the names in the first column.
>   
>> 2) These ciphers all report as SSLv3.
> That is the protocol version where they were first defined.
>
>


