> On Oct 13, 2016, at Oct 13, 3:19 PM, Thierry Fournier <thierry.fourn...@ozon.io> wrote:
>
>
> The negotiated cipher is "AECDH-AES256-SHA", and I don't know if this
> cipher is ECDSA :) At least it seems to work.
>
> Thierry
>
That’s not a cipher that would normally be considered “good” to use since it doesn’t perform any message authentication [1]. It may (or may not) be enough to trigger the memory leak you’re looking for though.

However, if you’d like to go with a full EC stack and use a realistic cipher, then get it working with one of these.

$> openssl ciphers -v 'ECDSA:!NULL'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)    Mac=SHA384
ECDHE-ECDSA-AES256-SHA        SSLv3   Kx=ECDH Au=ECDSA Enc=AES(256)    Mac=SHA1
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)    Mac=SHA256
ECDHE-ECDSA-AES128-SHA        SSLv3   Kx=ECDH Au=ECDSA Enc=AES(128)    Mac=SHA1
ECDHE-ECDSA-RC4-SHA           SSLv3   Kx=ECDH Au=ECDSA Enc=RC4(128)    Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA      SSLv3   Kx=ECDH Au=ECDSA Enc=3DES(168)   Mac=SHA1

1. https://en.wikipedia.org/wiki/Authenticated_encryption

-Bryan
(not a cryptographer)
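
Added example (not part of the original message): a small Python parser for `openssl ciphers -v` rows that reports what the Au=, Enc= and Mac= columns say about each suite. The AECDH row and the flagging policy are assumptions constructed for illustration; the other sample rows are copied from the listing above.

```python
# Constructed sample input. The first row is an assumed `openssl ciphers -v`
# row for the suite named in the quoted message; the rest are from the listing.
SAMPLE = """\
AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
"""

# Assumed policy for this example: bulk ciphers treated as legacy.
LEGACY_ENC = {"RC4", "3DES", "DES", "None"}


def parse_line(line):
    """Split one `openssl ciphers -v` row into name, protocol and key=value fields."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("not a cipher row: %r" % line)
    row = {"name": parts[0], "proto": parts[1]}
    for field in parts[2:]:
        key, sep, value = field.partition("=")
        if sep:  # skip trailing words without '=' such as "export"
            row[key] = value
    return row


def findings(row):
    """Return the list of notes for one parsed row (empty list means none)."""
    notes = []
    if row.get("Au") == "None":
        notes.append("anonymous key exchange: peer is not authenticated")
    enc = row.get("Enc", "").split("(")[0]  # "AES(256)" -> "AES"
    if enc in LEGACY_ENC:
        notes.append("legacy bulk cipher: " + enc)
    if row.get("Mac") != "AEAD":
        notes.append("not an AEAD suite: separate Mac=%s" % row.get("Mac"))
    return notes


def audit(text):
    """Map each suite name in the listing to its notes."""
    rows = (parse_line(l) for l in text.splitlines() if l.strip())
    return {row["name"]: findings(row) for row in rows}


if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print("%-32s %s" % (name, "; ".join(notes) or "ok"))
```
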