configuring callbacks (or not) and SNI vs not... no shared cipher from server end

Michael Richardson mcr at
Wed May 8 20:23:38 UTC 2019

My questions about the documentation of the callbacks remain.
Having solved the problem, I'm pretty certain the the "no shared cipher"
error message is way too overloaded.

Some piece of code is clearly doing something useful, which is to check if
the public/private key match.  Unfortunately, that code is not announcing
the mismatch in a useful way.

My provisioning script, due to a typo, was generating new CSRs, but sending
an ancient CSR with an old public key.  Writing up the problem, I eventually
noticed the public key dump from the private key file did not match the
dump from the certificate.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list