> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of Norm Green > Sent: Tuesday, May 24, 2016 13:40 > > I've tried both: > > SSL_CTX_set_cipher_list("AECDH") > > and: > > SSL_CTX_set_cipher_list("AECDH-AES256-SHA") > > on both the client and server side, both of which result in the dreaded > "no shared cipher" error: > > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared > cipher:s3_srvr.c:1417: You might run a wire trace to see what suites the client is actually advertising. And you are using TLS, right? For AECDH* (or any ECC suite), don't you have to tell OpenSSL what curve to use? I haven't implemented that bit myself in any applications, but my understanding is that with OpenSSL 1.0.2 you can just call SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to specify a particular named curve with SSL_CTX_set_tmp_ecdh. -- Michael Wojcik Technology Specialist, Micro Focus
