> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Norm Green
> Sent: Tuesday, May 24, 2016 13:40
> 
> I've tried both:
> 
> SSL_CTX_set_cipher_list("AECDH")
> 
> and:
> 
> SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
> 
> on both the client and server side, both of which result in the dreaded
> "no shared cipher" error:
> 
> error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
> cipher:s3_srvr.c:1417:

You might run a wire trace to see what suites the client is actually 
advertising.

And you are using TLS, right?

For AECDH* (or any ECC suite), don't you have to tell OpenSSL what curve to 
use? I haven't implemented that bit myself in any applications, but my 
understanding is that with OpenSSL 1.0.2 you can just call 
SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to specify a particular 
named curve with SSL_CTX_set_tmp_ecdh.

-- 
Michael Wojcik
Technology Specialist, Micro Focus

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
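
The wire-trace check suggested above, as an added example that is not part of the original message or of OpenSSL: a parser that lists the cipher suites and named curves a captured ClientHello actually offers, flagging the anonymous ECDH suite ids from RFC 4492 (0xC019 is the one OpenSSL calls AECDH-AES256-SHA). The names `parse_client_hello` and `sample_record` are hypothetical, the sample bytes are constructed, and the ClientHello is assumed to fit in a single TLS record.

```python
import struct

ANON_ECDH = {0xC015, 0xC016, 0xC017, 0xC018, 0xC019}  # TLS_ECDH_anon_* ids, RFC 4492
EXT_ELLIPTIC_CURVES = 10                               # extension type, RFC 4492

def u16_list(raw):
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]

def parse_client_hello(record):
    """Return suites and named curves offered in a single-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("truncated ClientHello")
        pos += n
        return hello[pos - n:pos]

    take(2 + 32)                                   # client_version + random
    take(take(1)[0])                               # session_id
    suites = u16_list(take(int.from_bytes(take(2), "big")))
    take(take(1)[0])                               # compression_methods
    curves = None                                  # None: extension not sent
    if pos < len(hello):
        end = pos + int.from_bytes(take(2), "big")
        while pos < end:
            ext_type, ext_len = struct.unpack("!HH", take(4))
            data = take(ext_len)
            if ext_type == EXT_ELLIPTIC_CURVES:
                curves = u16_list(data[2:])        # skip the 2-byte list length
    return {"suites": suites, "curves": curves,
            "anon_ecdh": sorted(set(suites) & ANON_ECDH)}

def sample_record(suites, curves=None):
    """Constructed ClientHello for the demo, not a real capture."""
    ext = b""
    if curves is not None:
        groups = struct.pack("!%dH" % len(curves), *curves)
        ext = struct.pack("!HHH", EXT_ELLIPTIC_CURVES, len(groups) + 2, len(groups)) + groups
    cs = struct.pack("!%dH" % len(suites), *suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs
             + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(body)) + body

if __name__ == "__main__":
    print(parse_client_hello(sample_record([0xC019, 0x002F], curves=[23])))
```

An empty `anon_ecdh` list means the client never offered an anonymous ECDH suite, whatever cipher string it was configured with.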