On Tue Jan 28 22:49:18 2014, [email protected] wrote:
> Hi,
>
> I have server code using openssl 1.0.0e that is intended to only
> support two cipher types,
> as selected by this statement:
>
> SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-SHA384:AES256-SHA");
>
> However when connecting using "openssl s_client" it reports that the
> session is using a
> different cipher:
>
> SSL-Session:
> Protocol : TLSv1.2
> Cipher : ECDH-RSA-AES256-SHA384
> ...
>
> To narrow this down, I tried just listing a single cipher suite as
> follows:
>
> #openssl ciphers "ECDH-ECDSA-AES256-SHA384"
> ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384
>
> As you can see, I requested one cipher, but two are listed.
>
> Looking in ssl/s3_lib.c, the ssl3_ciphers array has entries for the
> above two ciphers that
> are the same. I think this is a bug. In fact, it looks like a number
> of entries are incorrect,
> namely C00B, C00C, C00D, C00E, C00F, C029, C02A, C031, and C032. All
> contain "SSL_aECDH" where
> I think it should be "SSL_aRSA".
>

I think you mean OpenSSL 1.0.1e as TLS v1.2 isn't supported in 1.0.0 releases.

Please try the recently released 1.0.1f which should fix this.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
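
A way to catch the mismatch reported in this thread before deployment, as an added example that is not part of the original messages or of OpenSSL's own code: it compares the output of `openssl ciphers` against the suite names that were literally requested. The function names `unexpected_ciphers` and `check_cipher_spec` are hypothetical, and the check assumes the spec contains only literal suite names (no keywords such as `HIGH`).

```shell
#!/bin/sh
# unexpected_ciphers REQUESTED EXPANDED
# Print (colon-separated) every suite in EXPANDED, the output of
# `openssl ciphers`, that is not named literally in REQUESTED.
unexpected_ciphers() {
    requested=$1
    expanded=$2
    extras=""
    old_ifs=$IFS
    IFS=:
    for suite in $expanded; do
        case ":$requested:" in
            *":$suite:"*) ;;                          # explicitly requested
            *) extras="${extras:+$extras:}$suite" ;;  # came from the expansion only
        esac
    done
    IFS=$old_ifs
    printf '%s' "$extras"
}

# check_cipher_spec SPEC
# Expand SPEC with the local openssl binary; return 1 if the expansion
# enables suites that were not asked for, 2 if openssl rejects the spec.
check_cipher_spec() {
    spec=$1
    expanded=$(openssl ciphers "$spec") || return 2
    extras=$(unexpected_ciphers "$spec" "$expanded")
    if [ -n "$extras" ]; then
        echo "unexpected suites for '$spec': $extras" >&2
        return 1
    fi
    return 0
}

# Sample constructed from the `openssl ciphers` output quoted in the post.
sample='ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384'
echo "extras: $(unexpected_ciphers 'ECDH-ECDSA-AES256-SHA384' "$sample")"
```

Running `check_cipher_spec` with the same string passed to `SSL_CTX_set_cipher_list` in a build or deployment step flags a library version whose cipher table expands the list beyond what was requested.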
