Hello, It's possible I'm doing something wrong here, but I can't seem to negotiate ecdhe with an elliptic curve other than P-256. To reproduce the issue, using openssl 1.0.2 openssl s_server -key server.key -cert server.crt -msg -debug -dhparam dhparam.pem -cipher ECDHE-RSA-AES128-SHA -tls1_2 gnutls-cli 127.0.0.1 -p 4433 -d 4 --insecure --priority="NORMAL:-KX-ALL:+ ECDHE-RSA:-CURVE-ALL:+CURVE-SECP224R1" which gives the error :SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1366: changing to p256r1 succeeds. is there a particular why the negotation would fail with p224 ? my understanding is that openssl supports all the nist curves. Regards, David -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150405/67342e28/attachment.html>
