I have; following is the relevant snippet:

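  /* Map the curve's short name (ECDHE_CURVE) to its numeric ID. */
  int nid = OBJ_sn2nid(ECDHE_CURVE);
  if (NID_undef == nid)
    goto err_obj_sn2nid;

  /* Create an EC_KEY carrying that curve's group. */
  EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid);
  if (NULL == ecdh)
    goto err_ec_key_new;

  /* Install it as the temporary ECDH parameters on the server context. */
  SSL_CTX_set_tmp_ecdh(tls_ctx, ecdh);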

On Fri, Nov 9, 2012 at 5:32 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Fri, Nov 09, 2012, Karel Sedláček wrote:
>
>> This problem is related to an issue I have been experiencing with a
>> piece of bespoke software I am writing that uses OpenSSL to terminate
>> SSL/TLS connections, using non-blocking I/O.
>>
>> Observations:
>> - My server's TLS handshake for cipher ECDHE-ECDSA-AES256-GCM-SHA384 fails.
>> - If I use ALL for my server cipher list and specify no cipher list
>> for `openssl s_client`, `openssl s_client` successfully negotiates
>> ECDH-ECDSA-AES256-SHA.
>
> Have you set up appropriate ECDH temporary key parameters in the server? If no
> ECDH temporary parameters are set up then ECDHE ciphersuites are disabled by
> the server.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org