[openssl-users] Diffie-Hellman Questions
jeremy.farrell at oracle.com
Wed May 25 21:10:11 UTC 2016
Interesting; is this a server-side requirement? I ask because with
1.0.2g my client using "AECDH+AES:ADH+AES" makes a TLS 1.2 connection
with AECDH-AES256-SHA without calling this function or similar.
On 25/05/2016 21:31, Norm Green wrote:
> Yes! That was the problem. In order to use cipher "AECDH",
> SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.
> Thanks Michael!!
> On 5/24/16 15:52, Michael Wojcik wrote:
>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
>>> Of Norm Green
>>> Sent: Tuesday, May 24, 2016 13:40
>>> I've tried both:
>>> on both the client and server side, both of which result in the dreaded
>>> "no shared cipher" error:
>>> error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
>> You might run a wire trace to see what suites the client is actually
>> And you are using TLS, right?
>> For AECDH* (or any ECC suite), don't you have to tell OpenSSL what
>> curve to use? I haven't implemented that bit myself in any
>> applications, but my understanding is that with OpenSSL 1.0.2 you can
>> just call SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to
>> specify a particular named curve with SSL_CTX_set_tmp_ecdh.
J. J. Farrell
Not speaking for Oracle
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users