Hi,

I have tried to set the ciphersuite to ADH, and I checked my application with
s_server.c and s_client.c. When -nocert is set for the openssl server, the
certificate is not loaded. My application also does not load any certificate.
But my connection still could not be set up without a server certificate.

Roger

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Victor Duchovni
> Sent: Monday, April 17, 2006 11:09 AM
> To: openssl-users@openssl.org
> Subject: Re: strange problem of "no shared cipher" for no certificate
> TLS connection
> 
> 
> On Mon, Apr 17, 2006 at 10:20:14AM +0800, Zhang, Long (Roger) wrote:
> 
> > Hi, Steve,
> > 
> > Thanks for your reply. I found it no use to add a dhparam file to my server
> > and client. The connection still could not be set up. I found that if I set
> > the server certificate and private key, the connection could be set up. That
> > is, a server certificate is required even though I used SSL_CTX_set_verify
> > to set both server and client mode to SSL_VERIFY_NONE. That really
> > makes me confused. I am using the TLSv1 method. And I set the ciphersuite to
> > ALL:+ADH:+aNULL:+NULL:+eNULL with SSL_CTX_set_cipher_list(), but the
> > connection still could not be set up without a server certificate. Is
> > there anything I can do?
> 
> Try: setting the ciphersuite to "ADH". Also, test with s_server and s_client.
> 
> $ openssl s_server -nocert -cipher ADH -accept 12345 &
> ...
> $ openssl s_client -cipher ADH -connect 127.0.0.1:12345
> CONNECTED(00000003)
> -----BEGIN SSL SESSION PARAMETERS-----
> MHUCAQECAgMBBAIAOgQgb5EGFC/WTA2O7JYVFxiDqSW4om3UXYWwmFTpu7WKftIE
> ME0jydMKoAZxK1cW+QHIF8aYN+ev0CakDWc1PyAiSIeMWTwPsYYRh9rlSp3Xk+uE
> 86EGAgREQv41ogQCAgEspAYEBAEAAAA=
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:ADH-AES256-SHA:ADH-AES128-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5
> CIPHER is ADH-AES256-SHA
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 291 bytes and written 198 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ADH-AES256-SHA
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : ADH-AES256-SHA
>     Session-ID: 6F9106142FD64C0D8EEC9615171883A925B8A26DD45D85B09854E9BBB58A7ED2
>     Session-ID-ctx:
>     Master-Key: 4D23C9D30AA006712B5716F901C817C69837E7AFD026A40D67353F202248878C593C0FB1861187DAE54A9DD793EB84F3
>     Key-Arg   : None
>     Start Time: 1145241141
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)
> ---
> 
> This is an example of a working ADH handshake. Figure out where your
> application differs from s_client and s_server.
> 
> -- 
>       Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 