<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div><span>How about the following?</span></div><div><span><br></span></div><div id="yui_3_16_0_ym19_1_1473437700342_2886"><span id="yui_3_16_0_ym19_1_1473437700342_2887">    EC_KEY *ecdh_parms = </span><span id="yui_3_16_0_ym19_1_1473437700342_2888">NULL</span><span id="yui_3_16_0_ym19_1_1473437700342_2889">;</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2890"><span id="yui_3_16_0_ym19_1_1473437700342_2891"></span><br id="yui_3_16_0_ym19_1_1473437700342_2892"></div><div id="yui_3_16_0_ym19_1_1473437700342_2893"><span id="yui_3_16_0_ym19_1_1473437700342_2894">    </span><span id="yui_3_16_0_ym19_1_1473437700342_2895">if</span><span id="yui_3_16_0_ym19_1_1473437700342_2896"> (!(ecdh_parms= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)))</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2897"><span id="yui_3_16_0_ym19_1_1473437700342_2898">    {</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2899"><span id="yui_3_16_0_ym19_1_1473437700342_2900">        printf(</span><span id="yui_3_16_0_ym19_1_1473437700342_2901">"ECDH key generation failed"</span><span id="yui_3_16_0_ym19_1_1473437700342_2902">);</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2899" dir="ltr"><span>        return 0;</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2909"><span id="yui_3_16_0_ym19_1_1473437700342_2910">    }</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2911"><span id="yui_3_16_0_ym19_1_1473437700342_2912"></span><br id="yui_3_16_0_ym19_1_1473437700342_2913"></div><div id="yui_3_16_0_ym19_1_1473437700342_2914"><span id="yui_3_16_0_ym19_1_1473437700342_2915">    </span><span id="yui_3_16_0_ym19_1_1473437700342_2916">if</span><span id="yui_3_16_0_ym19_1_1473437700342_2917"> (EC_KEY_precompute_mult(ecdh_parms, </span><span id="yui_3_16_0_ym19_1_1473437700342_2918">NULL</span><span id="yui_3_16_0_ym19_1_1473437700342_2919">) == </span><span id="yui_3_16_0_ym19_1_1473437700342_2920">0</span><span id="yui_3_16_0_ym19_1_1473437700342_2921">)</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2922"><span id="yui_3_16_0_ym19_1_1473437700342_2923">    {</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2924" dir="ltr"><span id="yui_3_16_0_ym19_1_1473437700342_2925">        printf(</span><span id="yui_3_16_0_ym19_1_1473437700342_2926">"ECDH precomputation failed"</span><span id="yui_3_16_0_ym19_1_1473437700342_2927">);</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2928"><span id="yui_3_16_0_ym19_1_1473437700342_2929">        EC_KEY_free (ecdh_parms);</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2930"><span id="yui_3_16_0_ym19_1_1473437700342_2931">        </span><span id="yui_3_16_0_ym19_1_1473437700342_2932">return</span><span id="yui_3_16_0_ym19_1_1473437700342_2933"> </span><span id="yui_3_16_0_ym19_1_1473437700342_2934">0</span><span id="yui_3_16_0_ym19_1_1473437700342_2935">;</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2936"><span id="yui_3_16_0_ym19_1_1473437700342_2937">    }</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2938"><span id="yui_3_16_0_ym19_1_1473437700342_2939"></span><br id="yui_3_16_0_ym19_1_1473437700342_2940"></div><div id="yui_3_16_0_ym19_1_1473437700342_2941"><span id="yui_3_16_0_ym19_1_1473437700342_2942">    </span><span id="yui_3_16_0_ym19_1_1473437700342_2943">if</span><span id="yui_3_16_0_ym19_1_1473437700342_2944"> (SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh_parms) == </span><span id="yui_3_16_0_ym19_1_1473437700342_2945">0</span><span id="yui_3_16_0_ym19_1_1473437700342_2946">)</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2947"><span id="yui_3_16_0_ym19_1_1473437700342_2948">    {</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2949" dir="ltr"><span id="yui_3_16_0_ym19_1_1473437700342_2950">        printf(</span><span id="yui_3_16_0_ym19_1_1473437700342_2951">"ECDH key could not be set"</span><span id="yui_3_16_0_ym19_1_1473437700342_2952">);</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2953"><span id="yui_3_16_0_ym19_1_1473437700342_2954">        EC_KEY_free (ecdh_parms);</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2955"><span id="yui_3_16_0_ym19_1_1473437700342_2956">        </span><span id="yui_3_16_0_ym19_1_1473437700342_2957">return</span><span id="yui_3_16_0_ym19_1_1473437700342_2958"> </span><span id="yui_3_16_0_ym19_1_1473437700342_2959">0</span><span id="yui_3_16_0_ym19_1_1473437700342_2960">;</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2961"><span id="yui_3_16_0_ym19_1_1473437700342_2962">    }</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2963"><span id="yui_3_16_0_ym19_1_1473437700342_2964"></span><br id="yui_3_16_0_ym19_1_1473437700342_2965"></div><div id="yui_3_16_0_ym19_1_1473437700342_2966"><span id="yui_3_16_0_ym19_1_1473437700342_2967">    EC_KEY_free (ecdh_parms);</span></div><div id="yui_3_16_0_ym19_1_1473437700342_2968"><br><span id="yui_3_16_0_ym19_1_1473437700342_2969"></span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Friday, September 9, 2016 9:29 PM, yordanos beyene <yordanosb@gmail.com> wrote:<br></font></div>  <br><br> <div class="y_msg_container"><div id="yiv2361052144"><div><div dir="ltr"><div>I got my application to support openssl s_client connections using the ephemeral ECDH cipher suites. I didn't initialize it properly.<br clear="none"><br clear="none"></div><div>Now I am looking at how to get my application accept openssl connections from a client with multiple curves instead of just "NID_X9_62_prime256v1". I appreciate any tips.<br clear="none">      EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);<br clear="none"><br clear="none"></div><div>Thanks!<br clear="none"><br clear="none"></div><div>Jordan.<br clear="none"></div><div class="yiv2361052144yqt8806938884" id="yiv2361052144yqt55394"><div><div><div class="yiv2361052144gmail_extra"><br clear="none"><div class="yiv2361052144gmail_quote">On Thu, Sep 8, 2016 at 12:12 PM, yordanos beyene <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:yordanosb@gmail.com" target="_blank" href="mailto:yordanosb@gmail.com">yordanosb@gmail.com</a>></span> wrote:<br clear="none"><blockquote class="yiv2361052144gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div dir="ltr"><div class="yiv2361052144gmail_quote"><div dir="ltr"><div><font face="Courier New">Hello,</font></div><div><font face="Courier New"><br clear="none"></font></div><div><font face="Courier New">I appreciate if anyone can guide me how to set temporary EC Diffie-Hellman parameters to be able to accept SSL connections from a client using ephemeral ECDHE cipher.</font></div><div><font face="Courier New"><br clear="none"></font></div><div><font face="Courier New">I have an ssl based application that can accept SSL connections. </font><font face="Courier New">I can establish SSL connections from a client using RSA cipher ( eg AES128-SHA), b</font><font face="Courier New">ut when I use the ephemeral EDHE ciphers (eg ECDHE-RSA-AES128-SHA), the SSL handshake fails.</font></div><div><font face="Courier New"></font><br clear="none"></div><div>I have been googling to understand the issue for several hours, and it looks like I need to set temporary DH parameters.</div><div><br clear="none"></div><div>I added the following code right after SSL initialization and creating context in my application.</div><div>...<br clear="none"></div><div>   EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);</div><div>   ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);<br clear="none"></div><div>   if (! ecdh)<br clear="none">       error ();<br clear="none"></div><div>   if (1 != SSL_CTX_set_tmp_ecdh (session_cache_ctx, ecdh))<br clear="none">      return -ENOMEM;</div><div>   EC_KEY_free (ecdh);<br clear="none"></div><font face="Courier New"></font><div>...</div><div><br clear="none"></div><div>But it is still not working. I am not familiar with this area, and I greatly appreciate any help.</div><div><br clear="none"></div><div>I am running OpenSSL 1.0.1<br clear="none"></div><div><br clear="none"></div><div>Jordan.<br clear="none"></div><div><br clear="none"></div></div>
</div><br clear="none"></div>
</blockquote></div><br clear="none"></div></div></div></div></div></div></div><br><div class="yqt8806938884" id="yqt91912">-- <br clear="none">openssl-users mailing list<br clear="none">To unsubscribe: <a shape="rect" href="https://mta.openssl.org/mailman/listinfo/openssl-users" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br clear="none"></div><br><br></div>  </div> </div>  </div></div></body></html>