Parameters for using ECDHE and ECDSA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 05/02/15 18:31, Florence, Jacques wrote:
> Hello,
> 
> I am trying to use ECDHE and ECDSA on a simple openSSL application.
> 
> Here are the steps I did relevant to the problem at hand:
> 
> I generated the key and certificate with ECDSA.
> 
> Then I load the cert and the key with SSL_CTX_use_PrivateKeyFile
> 
> I select the ciphers: SSL_CTX_set_cipher_list(ctx,
> ?ECDHE-ECDSA-AES128-GCM-SHA256?);
> 
>  
> 
> But when I try to connect, the server tells me no shared cipher.
> 
> I don?t know where this comes from. I am using TLSv1_2_method().
> 
> Do I need to load some parameters like with PEM_read_bio_DHparams and
> SSL_CTX_set_tmp_dh ?

Yes. If you are using OpenSSL 1.0.2 you can use:

SSL_CTX_set_ecdh_auto

The above will automatically select a suitable ECDH curve to use.

Otherwise you can set a curve explicitly using:

SSL_CTX_set_tmp_ecdh

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux