Parameters for using ECDHE and ECDSA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks, I found it!

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Matt Caswell
Sent: Thursday, February 05, 2015 2:31 PM
To: openssl-users at openssl.org
Subject: Re: Parameters for using ECDHE and ECDSA



On 05/02/15 18:31, Florence, Jacques wrote:
> Hello,
> 
> I am trying to use ECDHE and ECDSA on a simple openSSL application.
> 
> Here are the steps I did relevant to the problem at hand:
> 
> I generated the key and certificate with ECDSA.
> 
> Then I load the cert and the key with SSL_CTX_use_PrivateKeyFile
> 
> I select the ciphers: SSL_CTX_set_cipher_list(ctx, 
> "ECDHE-ECDSA-AES128-GCM-SHA256");
> 
>  
> 
> But when I try to connect, the server tells me no shared cipher.
> 
> I don't know where this comes from. I am using TLSv1_2_method().
> 
> Do I need to load some parameters like with PEM_read_bio_DHparams and 
> SSL_CTX_set_tmp_dh ?

Yes. If you are using OpenSSL 1.0.2 you can use:

SSL_CTX_set_ecdh_auto

The above will automatically select a suitable ECDH curve to use.

Otherwise you can set a curve explicitly using:

SSL_CTX_set_tmp_ecdh

Matt

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux