(These are really -users questions.)

 

Server Key Exchange is used only for ephemeral and anonymous DH and ECDH (and PSK) suites. Anonymous suites aren't enabled by default in openssl, or most clients I know of, and I hope you wouldn't be using PSK without saying so, so that leaves ephemeral.

If you want DHE or ECDHE and didn't get it, make sure it is offered by your client(s), not disabled in your server, and the server has parameters set for it either in advance with SSL_[CTX_]set_tmp_[ec]dh or with a callback ..._set_tmp_[ec]dh_callback. For EC also make sure the server parameters are a group/curve offered by the client(s) - P-256 or maybe P-384 seems to be the safest bet.

Certificate Request will indeed be sent if you set VERIFY_PEER in the SSL, or in the SSL_CTX before the SSL is created and you don't override it. However, if you want the optional list of CAs >in< Certificate Request, you must call SSL_[CTX_]set_client_CA_list.

 

 

From: [email protected] [mailto:[email protected]]
On Behalf Of Vijay Badola
Sent: Tuesday, February 04, 2014 04:48
To: [email protected]
Subject: *** Spam *** Regarding Handshake

 

Hi,

I am new to the openssl library, and I am trying to implement the initial handshake for DTLS.

It is getting carried out correctly, but I have one concern.

When the client is sending CLIENT HELLO, the server is replying with "SERVER HELLO, Certificate, Server Hello Done" only.

What I want is that it should also include "Server Key Exchange and Certificate Request" in the SERVER HELLO message.

I think I am missing some API to call but no idea.

I was guessing the SSL_CTX_set_verify() method with a flag such as SSL_VERIFY_PEER, but it is still not working. Please help me on this.
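
To check whether a server flight really carries Server Key Exchange and Certificate Request after the changes described in the reply, the following added example (not from this thread or from OpenSSL) walks captured DTLS record bytes and reports which handshake message types are present. The names `dtls_flight_types` and `put_msg` are hypothetical, and the sample flight is constructed with empty message bodies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SERVER_HELLO = 2, CERTIFICATE = 11, SERVER_KEY_EXCHANGE = 12,
       CERTIFICATE_REQUEST = 13, SERVER_HELLO_DONE = 14 };  /* RFC 5246, 7.4 */

/* Walk DTLS records (13-byte header) and their handshake fragments (12-byte
 * header); set bit N of *seen per handshake type N < 32. Only cleartext epoch-0
 * records are parsed. Returns 0, or -1 on a truncated or inconsistent length. */
int dtls_flight_types(const uint8_t *b, size_t len, uint32_t *seen) {
    size_t off = 0;
    *seen = 0;
    while (off < len) {
        if (len - off < 13) return -1;
        int clear_hs = b[off] == 22 && b[off + 3] == 0 && b[off + 4] == 0;
        size_t rlen = ((size_t)b[off + 11] << 8) | b[off + 12];
        off += 13;
        if (rlen > len - off) return -1;
        for (size_t p = off, end = off + rlen; clear_hs && p < end; ) {
            if (end - p < 12) return -1;
            size_t flen = ((size_t)b[p + 9] << 16) | ((size_t)b[p + 10] << 8) | b[p + 11];
            if (flen > end - p - 12) return -1;   /* fragment_length past record end */
            if (b[p] < 32) *seen |= UINT32_C(1) << b[p];
            p += 12 + flen;
        }
        off += rlen;
    }
    return 0;
}

/* Constructed sample data (hypothetical helper): write one epoch-0 DTLS 1.0
 * handshake record holding one message of `type` with an empty body. */
size_t put_msg(uint8_t *out, uint8_t type) {
    memset(out, 0, 25);
    out[0] = 22; out[1] = 0xfe; out[2] = 0xff;   /* handshake, DTLS 1.0 */
    out[12] = 12; out[13] = type;                /* record length, msg_type */
    return 25;
}

int main(void) {
    uint8_t f[75]; uint32_t seen;                /* the flight from the question */
    size_t n = put_msg(f, SERVER_HELLO);
    n += put_msg(f + n, CERTIFICATE);
    n += put_msg(f + n, SERVER_HELLO_DONE);
    if (dtls_flight_types(f, n, &seen) != 0) return 1;
    printf("ServerKeyExchange: %u, CertificateRequest: %u\n",
           (unsigned)((seen >> SERVER_KEY_EXCHANGE) & 1), (unsigned)((seen >> CERTIFICATE_REQUEST) & 1));
    return 0;
}
```

A Certificate message split across several records is still counted, because every DTLS handshake fragment repeats the message type byte.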

 

 
