On Apr 8, 2007, at 7:47 PM, Takurou Saitou wrote:
$ ./openssl ciphers -v ECDHE-ECDSA-AES256-SHAECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ---------------------------------------------------------------------- ---------------------------------- A version of OpenSSL using is 0.9.8e.
See, that's strange. Without a thorough look at the actual code, I don't know which call we make to get the list of CipherSuites from OpenSSL. However, I wouldn't be surprised if we (Apache) would not pick up a cipher that was not in the list.
If this is the case, the fact that your cipher is not in the list is a bug in OpenSSL and should be brought to their attention.
The following error occurred when I was going to use a certificate of ECDSA in mod_ssl of Apache2.2.4 for trial.What is the value of your SSLCipherSuite directive in your configuration file?I appoint 'ECDHE-ECDSA-AES256-SHA' in 'SSLCipherSuite' directive experimentally.The error that I showed by a previous email is given right after I execute 'httpd -kstart'.Therefore I think that it is a previous problem with CipherSuite of ECDSA.
Could you make sure that your Apache is linked against a library that supports the cipher, for instance on unix systems you could run
ldd /path/to/your/apache/bin/httpdand look at the entries for libcrypto.so.(...) and libssl.so.(...), and make sure they resolve to the right OpenSSL installation if you have more than one on your machine.
How did you generate this certificate? If you could paste me the command sequence you used to generate the key and certificate, I can do some experimentation and see if I can reproduce your issue.
Also, are you able to print the certificate using openssl x509 -in yourcert.file -noout -text ? S. -- sctemme@xxxxxxxxxx http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|