Oops! The -nocert option in the s_server invocation should not be there.
---------- Forwarded message ----------
From: JCA <[EMAIL PROTECTED]>
Date: Feb 4, 2008 8:28 AM
Subject: Fwd: An OpenSSL server with NULL cipher support
To: openssl-users@openssl.org
OK, I found it. In case this helps somebody out there, the way it
works for me is the following:
The client is invoked as
openssl s_client -connect 127.0.0.1:443 -cipher COMPLEMENTOFALL:aNULL
and the server as
openssl s_server -msg -accept 443 -nocert -cipher COMPLEMENTOFALL:aNULL
With this, the server accepts the TLS_RSA_WITH_NULL_SHA ciphersuite
without complaints.
---------- Forwarded message ----------
From: JCA <[EMAIL PROTECTED]>
Date: Feb 3, 2008 9:44 AM
Subject: An OpenSSL server with NULL cipher support
To: openssl-users@openssl.org
I am trying to use the openssl command line utility in order to
launch an SSL server supporting the NULL encryption cipher (I am
trying to debug a simple SSL client.) To that effect, I launch openssl
as follows:
# openssl s_server -accept 443 -nocert -WWW -cipher 'ALL:NULL'
The client is proposing the following ciphersuites:
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
But the server does not like this at all :-( It always replies with
20962:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:974:
Is there a simple way to achieve what I want? I am using OpenSSL
0.9.8e under Slackware 12, the OpenSSL having been compiled with NULL
cipher support.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
