Hello, My reading of RFC4492 is that the ECC ciphersuites apply only to TLS 1.0 or later. According to it: "This document describes additions to TLS to support ECC, applicable both to TLS Version 1.0 [2] and to TLS Version 1.1 [3]. In particular, it defines...".
So it seems that SSL 3.0 shouldn't be negotiated with these ciphersuites. However it seems that openssl s_server negotiates ECC ciphersuites even under SSL 3.0. For example: $ openssl version OpenSSL 1.0.0h 12 Mar 2012 $ openssl s_server -cert x509/cert-rsa.pem -key x509/key-rsa.pem -port 5556 Using default temp DH parameters Using default temp ECDH parameters ACCEPT $ ./gnutls-cli localhost -p 5556 --x509cafile ../doc/credentials/x509/ca.pem -d 99 ... |<3>| HSK[0x1d0bdc0]: Server's version: 3.0 ... |<2>| unsupported cipher suite C0.13 ... *** Handshake has failed GnuTLS error: Could not negotiate a supported cipher suite. So it seems that gnutls rejected the connection because the ciphersuite isn't valid for this TLS version. [*] The credentials are just an RSA CA certificate and an RSA server certificate. regards, Nikos ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org