[openssl-users] DTLS handshake in WebRTC

Suman Paul sumanpaul1987 at gmail.com
Wed Mar 1 05:55:27 UTC 2017

I have been looking at WebRTC DTLS handshake and don’t understand the logic of how it works.

My Firefox client has support for both RSA and ECDSA ciphers while my DTLS server only supports DHE-RSA-AES128-SHA and has a RSA key. I see that Firefox sends a ECDSA key during client hello. What ends up happening is that DHE-RSA-AES128-SHA is selected. I would have expected the negotiation to fail due to there being no common ciphers. 

I also verified this behavior using the OpenSSL s_server and s_client utilities. Seems to me that as long as s_server has a cert and key of the type of cipher I enforce with ‘-cipher’ option the negotiation succeeds irrespective of the type of key the s_client (provided that cipher is also supported by the client).

Can someone educate me as to why same kind of key is not required at both ends?


More information about the openssl-users mailing list