Re: New to the list and one question ;-)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Matt, adding a call to SSL_CTX_set_ecdh_auto()  on the server side actually did the trick. Problem solved!!!

/Patrick 




Contrary to what you said in your original post the chrome session is NOT
selecting 0xc02f. Instead it is selecting 0x002f which is
TLS_RSA_WITH_AES_128_CBC_SHA (aka AES128-SHA in the OpenSSL naming scheme).

This cipher is not being offered by firefox but is by chrome. It is striking to
note that although chrome is offering a whole list of ciphersuites offering
forward secrecy (i.e. all those including ECDHE/DHE), the server is instead
selecting a very old ciphersuite that does not support forward secrecy.

In comparison firefox does not offer any ciphersuites that do not support
forward secrecy and the connection fails.

Have you called SSL_CTX_set_tmp_dh() or SSL_CTX_set_ecdh_auto() on the server?
I'd suggest trying those and see if it helps.

Matt


Sent from Yahoo Mail for iPhone
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux