On Wed, Jan 15, 2003 at 11:50:33AM +0100, p b wrote:
> I use openssl 0.9.7
> 
> I made a client - server connection, and I would like to use TLS with RSA and
> DH for key negotiation.
> 
> When I use "AES128-SHA" as cipher parameter, it works.
> 
> But when I set cipher list with "DHE-RSA-AES128-SHA" parameter, it doesn't.
> 
> I added SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE |
> SSL_OP_EPHEMERAL_RSA);
> 
> But the result is "no shared cipher"
> 
> Which params may I use, or which function may I add in order to allow the
> key negotiations using DH?

EPHEMERAL_RSA has nothing to do with your problem and it is not recommended
as it violates the TLS protocol. (If it is required by the protocol, it
is used automatically with or without this option.)

Did you check whether all requirements are fulfilled? DHE-RSA needs:
* RSA keys
* DH parameters
* random numbers
If the PRNG were not seeded, the error message would be different,
and if the RSA keys were missing, AES128-SHA would fail as well.
This leaves missing DH parameters...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]