On Wed, Jan 15, 2003 at 11:50:33AM +0100, p b wrote:
> I use openssl 0.9.7
>
> I made a client - server connexion, and I would like to use TLS with RSA and
> DH for key negotiation.
>
> When I use "AES128-SHA" as cipher parameter, it works.
>
> But when I set cipher list with "DHE-RSA-AES128-SHA" parameter, it doesn't.
>
> I added SSL_CTX_set_options(ssl_ctx,SSL_OP_SINGLE_DH_USE |
> SSL_OP_EPHEMERAL_RSA );
>
> But the result is "no shared cipher"
>
> Which params may I use, or which function may I add in order to allow the
> key negotiations using DH

EPHEMERAL_RSA has nothing to do with your problem and it is not recommended
as it violates the TLS protocol. (If it is required by the protocol, it is
used automatically with or without this option.)

Did you check, whether all requirements are fulfilled?
DHE-RSA needs:
* RSA keys
* DH parameters
* random numbers

If the PRNG would not be seeded, the error message would be different and if
the RSA keys would be missing, AES128-SHA would be failing as well.
This leaves missing DH parameters...

Best regards,
	Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
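
Added example, not part of the original message or of OpenSSL's own code: it reproduces the diagnosis above with Python's ssl module (a wrapper over OpenSSL) instead of the C API, running the same DHE-RSA handshake once without and once with server-side DH parameters. It assumes the openssl command-line tool is installed; the helper names, file names and the throwaway localhost certificate are constructed for the demonstration.

```python
import os, ssl, subprocess

CIPHER = "DHE-RSA-AES128-SHA"  # the suite from the thread

def make_material(workdir):
    """Constructed test material: throwaway RSA key/cert and DH parameters.
    Assumes the openssl command-line tool (1.1.1 or later) is on PATH."""
    key, cert, dh = (os.path.join(workdir, n) for n in ("key.pem", "cert.pem", "dh.pem"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                    "-days", "1", "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    # -dsaparam only keeps parameter generation fast for this demo
    subprocess.run(["openssl", "dhparam", "-dsaparam", "-out", dh, "2048"],
                   check=True, capture_output=True)
    return key, cert, dh

def handshake(server_ctx, client_ctx):
    """Run a TLS handshake in memory; return the negotiated cipher name."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    done = set()
    for _ in range(10):
        for side, out, peer_in in ((client, c_out, s_in), (server, s_out, c_in)):
            try:
                side.do_handshake()
                done.add(side)
            except ssl.SSLWantReadError:
                pass  # this side needs more bytes from its peer
            data = out.read()
            if data:
                peer_in.write(data)
        if len(done) == 2:
            return client.cipher()[0]
    raise RuntimeError("handshake did not complete")

def try_handshake(key, cert, dh=None):
    """Return the negotiated cipher, or OpenSSL's error reason on failure."""
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server.load_cert_chain(cert, key)
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client.load_verify_locations(cert)  # trust only the throwaway cert
    for ctx in (server, client):
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # keep TLS 1.3 suites out
        ctx.set_ciphers(CIPHER)
    if dh:
        server.load_dh_params(dh)  # wraps SSL_CTX_set_tmp_dh() in the C API
    try:
        return handshake(server, client)
    except ssl.SSLError as exc:
        return exc.reason
```

Without the DH parameter file, try_handshake() returns the reason NO_SHARED_CIPHER; with it, the same contexts negotiate DHE-RSA-AES128-SHA.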