Hi all,

I've been trying to make ECDHE-ECDSA connections with openssl and have been
having trouble.


openssl s_client -connect mail.google.com:443 -tls1_2
This connects with cipher = ECDHE-RSA-AES128-GCM-SHA256

According to Google-Chrome, the cipher for my web-based gmail connection
should be:
ECDHE-ECDSA-AES128-GCM-SHA256

If I try to make that connection

openssl s_client -connect mail.google.com:443 -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256

I get:

CONNECTED(00000003)
139818747868832:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1440:SSL alert number 40
139818747868832:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:617:

which looks like no connection.

I'm running Ubuntu (12.04, I think) on a VM on a MacBook Air using VMware.
I tried the default Ubuntu SSL, 1.0.1f, 1.0.1c and 1.0.2beta1, no luck in
any case.

I downloaded and compiled the latest version of gnutls:

This gives an ECDHE-ECDSA connection:
gnutls-cli --priority=NORMAL:-KX-ALL:+ECDHE-ECDSA mail.google.com

This gives an ECDHE-RSA:
gnutls-cli --priority=NORMAL:-KX-ALL:+ECDHE-RSA mail.google.com

So I'm able to see both types of certificates for mail.google.com with
gnutls.

Any ideas why I can't do that with openssl?

Cheers,

-Tom
