[openssl-users] Multiple reconnection in OpenSSL 1.1.0
Matt Caswell
matt at openssl.org
Tue Jan 16 11:04:45 UTC 2018
On 16/01/18 10:31, Huy Cong Vu wrote:
> OpenSSL_add_all_algorithms();
> SSL_load_error_strings();
You do not need to make the above two calls in 1.1.0. They are called
automatically.
> //Setup curves parameters
> EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
> SSL_CTX_set_tmp_ecdh (ctx_in, ecdh);
> EC_KEY_free(ecdh);
You do not need to do this in 1.1.0. Curve parameters are set up
automatically.
>
> //Set options
> SSL_CTX_set_options(ctx_in, SSL_OP_SINGLE_ECDH_USE && SSL_MODE_AUTO_RETRY);
You are using logical && here instead of boolean |. This will mean that
these options are not correctly set. In any case SSL_OP_SINGLE_ECDH_USE
is not needed and is unused in 1.1.0 (it has the value 0). This is the
default (and only) mode of operation any way for 1.1.0.
> //wait on buffer
> int bytes = SSL_read(ssl, buf, sizeof(buf));
> //here bytes return -1, and there is no error with SSL_get_errors
Try calling ERR_print_errors_fp() here to see if you get any clues.
Matt
More information about the openssl-users
mailing list