On 16/01/18 10:31, Huy Cong Vu wrote: > OpenSSL_add_all_algorithms(); > SSL_load_error_strings(); You do not need to make the above two calls in 1.1.0. They are called automatically. > //Setup curves parameters > EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); > SSL_CTX_set_tmp_ecdh (ctx_in, ecdh); > EC_KEY_free(ecdh); You do not need to do this in 1.1.0. Curve parameters are set up automatically. > > //Set options > SSL_CTX_set_options(ctx_in, SSL_OP_SINGLE_ECDH_USE && SSL_MODE_AUTO_RETRY); You are using logical && here instead of boolean |. This will mean that these options are not correctly set. In any case SSL_OP_SINGLE_ECDH_USE is not needed and is unused in 1.1.0 (it has the value 0). This is the default (and only) mode of operation any way for 1.1.0. > //wait on buffer > int bytes = SSL_read(ssl, buf, sizeof(buf)); > //here bytes return -1, and there is no error with SSL_get_errors Try calling ERR_print_errors_fp() here to see if you get any clues. Thanks for the advice, I got these as error: 1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:210 1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:375 Does it means my configuration is not correct, or not synchronized between client and server? Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users