I'm playing around to see if I can observe client and server under various conditions when negotiating TLS 1.2 with newer certs. I created a root and server cert as ecdsa-with-SHA256.

openssl s_server -CAfile eroot1.pem -cert eserver1.pem -key eserver1.key -debug
openssl s_client -CAfile eroot1.pem -debug

However, the server issues a handshake alert and says no shared cipher. I see the client is sending a large set of suites but apparently none that the server wants. How do I do this properly?

ACCEPT
read from 0x147cb28 [0x1489e60] (11 bytes => 11 (0xB))
0000 - 16 03 01 01 3c 01 00 01-38 03 03 ....<...8..
read from 0x147cb28 [0x1489e6e] (310 bytes => 310 (0x136))
0000 - 50 19 91 ea 00 45 14 d9-c4 bc 4d 15 a1 e5 0a a3 P....E....M.....
0010 - f4 89 1d a5 98 37 2d 28-14 a2 19 47 b4 92 e8 dd .....7-(...G....
0020 - 00 00 a0 c0 30 c0 2c c0-28 c0 24 c0 14 c0 0a c0 ....0.,.(.$.....
0030 - 22 c0 21 00 a3 00 9f 00-6b 00 6a 00 39 00 38 00 ".!.....k.j.9.8.
0040 - 88 00 87 c0 32 c0 2e c0-2a c0 26 c0 0f c0 05 00 ....2...*.&.....
0050 - 9d 00 3d 00 35 00 84 c0-12 c0 08 c0 1c c0 1b 00 ..=.5...........
0060 - 16 00 13 c0 0d c0 03 00-0a c0 2f c0 2b c0 27 c0 ........../.+.'.
0070 - 23 c0 13 c0 09 c0 1f c0-1e 00 a2 00 9e 00 67 00 #.............g.
0080 - 40 00 33 00 32 00 9a 00-99 00 45 00 44 c0 31 c0 @.3.2.....E.D.1.
0090 - 2d c0 29 c0 25 c0 0e c0-04 00 9c 00 3c 00 2f 00 -.).%.......<./.
00a0 - 96 00 41 00 07 c0 11 c0-07 c0 0c c0 02 00 05 00 ..A.............
00b0 - 04 00 15 00 12 00 09 00-14 00 11 00 08 00 06 00 ................
00c0 - 03 00 ff 01 00 00 6f 00-0b 00 04 03 00 01 02 00 ......o.........
00d0 - 0a 00 34 00 32 00 0e 00-0d 00 19 00 0b 00 0c 00 ..4.2...........
00e0 - 18 00 09 00 0a 00 16 00-17 00 08 00 06 00 07 00 ................
00f0 - 14 00 15 00 04 00 05 00-12 00 13 00 01 00 02 00 ................
0100 - 03 00 0f 00 10 00 11 00-23 00 00 00 0d 00 22 00 ........#.....".
0110 - 20 06 01 06 02 06 03 05-01 05 02 05 03 04 01 04 ...............
0120 - 02 04 03 03 01 03 02 03-03 02 01 02 02 02 03 01 ................
0130 - 01 00 0f 00 01 01 ......
write to 0x147cb28 [0x1493870] (7 bytes => 7 (0x7))
0000 - 15 03 03 00 02 02 28 ......(
ERROR
5368:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:.\ssl\s3_srvr.c:1353:
shutting down SSL
CONNECTION CLOSED

....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development
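
To see what a ClientHello like the one in the -debug output above actually offers, this added example (not part of the original post and not OpenSSL code) decodes one TLS record and lists the ECDHE-ECDSA suites, named curves and ECDSA signature hashes it carries. The function names and the sample bytes are constructed for illustration; the ECDH-ECDSA suites are deliberately left out of the name table.

```python
import struct

# IANA suite IDs with OpenSSL names; only the ECDHE-ECDSA family is listed here.
ECDSA_SUITES = {0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384", 0xC02B: "ECDHE-ECDSA-AES128-GCM-SHA256",
                0xC024: "ECDHE-ECDSA-AES256-SHA384", 0xC023: "ECDHE-ECDSA-AES128-SHA256",
                0xC00A: "ECDHE-ECDSA-AES256-SHA", 0xC009: "ECDHE-ECDSA-AES128-SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Pull cipher suites, named curves and (hash, sig) pairs out of one TLS record."""
    rtype, _version, rlen = struct.unpack_from("!BHH", record, 0)
    if rtype != 0x16 or rlen < 4 or len(record) < 5 + rlen or record[5] != 0x01:
        raise ValueError("not a complete handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                    # session_id
    (n,) = struct.unpack_from("!H", record, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]                    # compression methods
    out = {"suites": suites, "curves": [], "sigalgs": []}
    if pos >= 5 + rlen:                       # ClientHello without extensions
        return out
    (ext_total,) = struct.unpack_from("!H", record, pos)
    pos, end = pos + 2, pos + 2 + ext_total
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0x000A:                   # elliptic_curves: 2-byte list length, then IDs
            out["curves"] = list(struct.unpack_from("!%dH" % ((elen - 2) // 2), body, 2))
        elif etype == 0x000D:                 # signature_algorithms: (hash, signature) pairs
            out["sigalgs"] = [(body[i], body[i + 1]) for i in range(2, elen, 2)]
    return out

def ecdsa_offer(hello: dict) -> dict:
    """Client-side items a server holding only an ECDSA certificate has to match."""
    return {"suites": [ECDSA_SUITES[s] for s in hello["suites"] if s in ECDSA_SUITES],
            "curves": hello["curves"],        # 23 = secp256r1, 24 = secp384r1
            "ecdsa_hashes": [h for h, s in hello["sigalgs"] if s == 3]}  # 4 = SHA-256

def sample_hello() -> bytes:
    """Constructed ClientHello, not the capture in the post: 3 suites, 2 curves, 2 sigalgs."""
    exts = bytes.fromhex("000a0006000400170018" "000d0006000404030401")
    body = (b"\x03\x03" + bytes(32) + b"\x00" + bytes.fromhex("0006c02cc030c023")
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(ecdsa_offer(parse_client_hello(sample_hello())))
```

To run it on a real capture, concatenate the bytes of the 11-byte and 310-byte reads from the s_server -debug output into one record and pass that to parse_client_hello.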