Julien Pierre wrote:
> NSS only supports RSA ECDHE cipher suites on the client side at this
> time, so this is expected. If you are using NSS on the server side, you
> need to enable alternate cipher suites - and of course you need to
> enable them on the client side as well.

Thanks for the advice; unfortunately this invokes another problem. I enabled another 4 suites for client and server:

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

The server closes the connection with error number -12227 (SSL_ERROR_WRONG_CERTIFICATE), described as "Client authentication failed: private key in key database does not correspond to public key in certificate database."

I am 100% sure the private key (RSA) corresponds to the public key provided in the cert. I am not sure on this point, but it seems that NSS needs the certificates to be signed by ECC. Maybe I am wrong.

And yet another question: why do you restrict usage to just the ECC cryptography? Does this mean to stop using classic DH and RSA?