Hello, I appreciate if anyone can guide me how to set temporary EC Diffie-Hellman parameters to be able to accept SSL connections from a client using ephemeral ECDHE cipher.
I have an ssl based application that can accept SSL connections. I can establish SSL connections from a client using RSA cipher ( eg AES128-SHA), but when I use ECDHE ciphers (eg ECDHE-RSA-AES128-SHA), the SSL handshake fails. I have been googling to understand the issue for several hours, and it looks like I need to set temporary DH parameters. I added the following code right after SSL initialization and creating context. ... EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); if (! ecdh) error (); if (1 != SSL_CTX_set_tmp_ecdh (session_cache_ctx, ecdh)) return -ENOMEM; EC_KEY_free (ecdh); ... But it is still not working. I am not familiar with this area, and I greatly appreciate any help. I am running OpenSSL 1.0.1.EC JA.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev