On Sun, May 25, 2014 at 11:28:04AM -0400, Jeffrey Walton wrote:

> >     sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
> >     if ( sip_trp_ssl_ctx == NULL ) {
> >         ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
> >         return SSL_INIT_ERROR;
> >     }
>
> Well, EC support was added to SSL/TLS at TLS 1.2.

That's not the case. ECDSA and ECDHE predate TLSv1.2. Full support
for EC in OpenSSL starts in OpenSSL 1.0.0, while support for TLSv1.2
was added in 1.0.1 IIRC.

    $ openssl ciphers -v 'aECDSA:!TLSv1.2'
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128)  Mac=SHA1
    ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH Au=ECDSA Enc=None      Mac=SHA1

    $ openssl ciphers -v 'aECDSA+TLSv1.2'
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-SHA384     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)    Mac=SHA384
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)    Mac=SHA256

--
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
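
The listings in the message above can be checked mechanically. The following is an added example, not part of the original message or of OpenSSL: it parses `openssl ciphers -v` rows, groups the ECDSA suites by the protocol column, and flags suites whose encryption falls in a deny set. The function names and the `WEAK_ENC` set are assumptions of this example.

```python
# SAMPLE: the two listings from the message above (OpenSSL 1.0.x `ciphers -v` format).
SAMPLE = """\
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
"""
# Assumption of this example: encryption algorithms treated as unacceptable.
WEAK_ENC = {"None", "RC4", "3DES"}


def parse_ciphers(text):
    """Turn each `name proto Kx=.. Au=.. Enc=.. Mac=..` row into a dict."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or "=" not in fields[2]:
            continue  # skip blank lines and anything that is not a suite row
        suite = {"name": fields[0], "proto": fields[1]}
        suite.update(f.split("=", 1) for f in fields[2:] if "=" in f)
        # Enc=AES(256) -> ("AES", 256); Enc=None -> ("None", 0)
        alg, _, bits = suite.get("Enc", "").rstrip(")").partition("(")
        suite["enc_alg"], suite["enc_bits"] = alg, int(bits or 0)
        suites.append(suite)
    return suites


def ecdsa_by_protocol(suites):
    """Group ECDSA-authenticated suite names by the protocol column."""
    groups = {}
    for s in suites:
        if s.get("Au") == "ECDSA":
            groups.setdefault(s["proto"], []).append(s["name"])
    return groups


def weak_suites(suites):
    """Names of suites whose encryption algorithm is in WEAK_ENC."""
    return [s["name"] for s in suites if s["enc_alg"] in WEAK_ENC]


if __name__ == "__main__":
    parsed = parse_ciphers(SAMPLE)
    print(ecdsa_by_protocol(parsed))
    print("weak:", ", ".join(weak_suites(parsed)))
```

On the sample, five ECDSA suites are listed under SSLv3 rather than TLSv1.2, and three of those five use 3DES, RC4 or no encryption.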