I got the point: the server certificate is ECDSA with curve secp256r1.
It works with RSA certificate and curves sepc256r1/sepc384r1/sepc521r1/x25519/x448.
On Thu, Jun 13, 2019 at 3:00 AM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Wed, Jun 12, 2019 at 05:31:30PM +0800, John Jiang wrote:
> > > Tried below commands,
> > > openssl s_server -trace -state -cert server.cer -key server.key -accept port
> > > openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port
> >
> > With same commands, using OpenSSL 1.1.1c, I get:
> >
> > CONNECTION ESTABLISHED
> > Protocol version: TLSv1.2
> > Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
> > Peer certificate:
> > Hash used: SHA256
> > Signature type: RSA-PSS
> > Supported Elliptic Curve Point Formats: ...
> > Server Temp Key: X25519, 253 bits
> >
> > Perhaps your s_client is not the one from 1.1.1 or it is dynamically
> > linked against 1.1.0 libraries...
> >
> My s_client can support TLSv1.3, so it should not be from any pre-1.1.1
> version.
You say that, but the evidence suggests otherwise. In each of
whatever shells you're using to start the client and server,
it would be prudent to run:
$ openssl version -v
Here's an example with the command and library at the same version:
$ /usr/local/bin/openssl version -v
OpenSSL 1.1.1c 28 May 2019
And here's another where they differ in the patchlevel:
$ LD_PRELOAD=/lib/libcrypto.so.111:/usr/lib/libssl.so.111 /usr/local/bin/openssl version -v
OpenSSL 1.1.1c 28 May 2019 (Library: OpenSSL 1.1.1a-freebsd 20 Nov 2018)
Without forcing anything with LD_PRELOAD, ... are your client and
server in fact 1.1.1 in both the executable and the library?
--
Viktor.
