Hi Marek Marcola,

thanks a lot for your help. I tried the commands with exactly the same certificates and private keys and the connection works. This makes me half happy :)

So, maybe I am doing something wrong on handshaking?

Best regards
chris r.

On 06.04.2012 18:46, marek.marc...@malkom.pl wrote:
> Hello,
>
> Test connection works:
>
> SERVER:
> # openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -cipher RC4-SHA -tls1
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> -----BEGIN SSL SESSION PARAMETERS-----
> MFoCAQECAgMBBAIABQQABDCLRcpyQeyzVWraS2xLoieVLwRjHGz74LUjhba+gnYZ
> JrObUopzWYJc2tuSFoZlRsyhBgIET38dO6IEAgIcIKQGBAQBAAAAqwMEAQE=
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:RC4-SHA
> CIPHER is RC4-SHA
> Secure Renegotiation IS supported
> ....
>
> CLIENT:
> # openssl s_client -cipher RC4-SHA -tls1
> ....
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: zlib compression
> Expansion: zlib compression
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : RC4-SHA
> ....
>
> Best regards,
> --
> Marek Marcola <marek.marc...@malkom.pl>
>
>
> owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM:
>
>> crk <c...@crook.de>
>> Sent by: owner-openssl-us...@openssl.org
>>
>> 04/06/2012 06:26 PM
>>
>> Please respond to
>> openssl-users@openssl.org
>>
>> To
>> openssl-users@openssl.org
>>
>> cc
>>
>> Subject
>> "no shared cipher"
>>
>> Hi,
>>
>> I am trying to establish a tls1 connection between a server and a
>> client, running in two threads.
>>
>> When doing the handshake the server gets the hello message and throws an
>> error:
>> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>>
>> I am using on both sides SSL_CTX_set_cipher_list(ctx, "RC4-SHA").
>>
>> To figure out the cipher string I used the following command:
>> openssl ciphers -tls1 "aRSA:AES:-kEDH:-ECDH:-SRP:-PSK:-NULL:-EXP:-MD5:-DES"
>> which gave me:
>> ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-RC4-SHA:AES256-SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA
>>
>> Also the certs and private keys for server and client are set up. No
>> error here, I believe.
>>
>> What am I doing wrong? (see more here: http://paste.debian.net/162331/)
>>
>> Thanks so far,
>> aureliano =)
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org

--
crk
For free communication with me use GPG. Questions? Ask me ;)
WIKI: http://en.wikipedia.org/wiki/E-mail_privacy
GPG: www.crook.de/crk/crk_pub_0xB268A580.asc