Diffie-Hellman Questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes!  That was the problem.  In order to use cipher "AECDH", 
SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.

Thanks Michael!!

Norm


On 5/24/16 15:52, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of Norm Green
>> Sent: Tuesday, May 24, 2016 13:40
>>
>> I've tried both:
>>
>> SSL_CTX_set_cipher_list("AECDH")
>>
>> and:
>>
>> SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
>>
>> on both the client and server side, both of which result in the dreaded
>> "no shared cipher" error:
>>
>> error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
>> cipher:s3_srvr.c:1417:
> You might run a wire trace to see what suites the client is actually advertising.
>
> And you are using TLS, right?
>
> For AECDH* (or any ECC suite), don't you have to tell OpenSSL what curve to use? I haven't implemented that bit myself in any applications, but my understanding is that with OpenSSL 1.0.2 you can just call SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to specify a particular named curve with SSL_CTX_set_tmp_ecdh.
>



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux