Hello.

> I developed an application based on ACE_SSL which is based on openssl.
> I found I could not set up a TLS connection with no certificate verification.
> That is I just want a TLS connection without certificate.

Anonymous ciphers are disabled by default in OpenSSL (default: ALL:!ADH:+RC4:@STRENGTH). You should enable ADH on client _and_ on server side. This may be done with SSL_CTX_set_cipher_list().

> I used the same cipherlist and rand file with openssl command,
> while openssl command could succeed in setting up a TLS connection,
> but my application always failed with "SSL3_GET_CLIENT_HELLO:no shared cipher" error.
>
> successful openssl command
> On server side
> openssl s_server -accept 25062 -nocert -cipher aNULL -rand /home/zhangl/openssl/test/ca.bak/newcerts/01.pem
> On client side
> openssl s_client -connect gdcqd1:25062 -cipher aNULL -rand /home/zhangl/openssl/test/ca.bak/newcerts/01.pem
>

Removing aNULL on any side will break TLS handshake.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
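
The behaviour described in the reply above, as an added example that is not code from the thread: Python's `ssl` module, whose `set_ciphers()` wraps `SSL_CTX_set_cipher_list()`, runs an in-memory handshake with no server certificate for each cipher-list combination and lists which suites in a cipher string are unauthenticated. The `@SECLEVEL=0` suffix and the TLS 1.2 cap are assumptions for current OpenSSL builds and do not appear in the thread; the function names are illustrative.

```python
import ssl

ANON = "aNULL:@SECLEVEL=0"  # assumption: current OpenSSL only allows aNULL at security level 0
DEFAULT = "DEFAULT"         # OpenSSL's default cipher list, which excludes aNULL


def make_ctx(server_side, ciphers):
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 defines no anonymous suites
    if not server_side:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers(ciphers)  # wraps SSL_CTX_set_cipher_list()
    return ctx


def anonymous_suites(ciphers):
    """Names of the suites selected by `ciphers` that perform no authentication."""
    listed = make_ctx(True, ciphers).get_ciphers()
    return [c["name"] for c in listed if c["auth"] == "auth-null"]


def handshake(client_ciphers, server_ciphers):
    """Handshake over memory BIOs; the server has no certificate.

    Returns (True, negotiated_suite) or (False, OpenSSL_reason)."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = make_ctx(False, client_ciphers).wrap_bio(c_in, c_out)
    server = make_ctx(True, server_ciphers).wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(20):
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass  # waiting for the peer's next flight
            except ssl.SSLError as exc:
                return False, exc.reason
        # Carry each side's output to the other side's input.
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            data = src.read()
            if data:
                dst.write(data)
        if not pending:
            return True, client.cipher()[0]
    return False, "handshake did not complete"
```

`anonymous_suites()` also works as a quick audit of any cipher string: an empty result means the string selects no unauthenticated suite.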
