> From: owner-openssl-us...@openssl.org On Behalf Of Johannes Bauer
> Sent: Wednesday, 15 May, 2013 11:49

> I'm having trouble getting a TLS 1.2 with EC F_p certificates to run.
> This is my setup:
>
> Server: openssl 1.0.1e compiled from source, Debian squeeze
> Client: openssl 1.0.1c from Gentoo tree

<snip lists of supported suites>

> Anyways, I've certificates that contain public ECC keys based on a
> Brainpool256r1 curve:

<snip>

> I'm using SHA256 as hash function for the certificate signatures
> (ecdsa-with-SHA256).

> [On connection attempt] The server says:
>
> 139944446195368:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> shutting down SSL
>
> Curiously, when I leave the server command line as above, but force
> SSLv3 on the client, it works:

<snip>

> So there appear to *be* shared ciphers after all. But when I try to
> force any TLS combination, the connection never works. However I cannot
> use SSLv3 and need to use TLS 1.2 due to a different constraint. Why
> does this not work? Can anybody please tell me what I'm doing wrong?

I can't easily test at the moment (even assuming your client is OpenSSL), but I speculate that in SSL3 mode the client doesn't send (Client)Hello extensions for SupportedCurves and SupportedPointFormats, and in TLS mode(s?) it does. If those extensions are present but don't include the named curve or unnamed generic type (your case) and pointformat used by your EC cert/key, OpenSSL server logic won't consider that EC cert/key as a candidate for this client/session. Unless there's another cert/key configured, or non-PK alternatives like PSK or SRP, acceptable to the client, you'll get "no shared cipher".

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
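The candidate check the reply describes can be reproduced offline from a captured ClientHello. The following is an added example written for this page; it is not code from the thread or from OpenSSL. It parses the handshake body of a ClientHello (record and handshake headers already stripped), pulls out the `elliptic_curves`/supported_groups extension (type 10) and the `ec_point_formats` extension (type 11) as defined in RFC 4492, and then asks whether a given server EC certificate would survive the filter: if the client sent the extensions, the certificate's curve and point format must appear in them; if it sent none (the SSLv3 case in the question), the certificate is accepted. A key with explicit (unnamed) curve parameters, such as the Brainpool key here before it had a named-curve id, is checked against RFC 4492's `arbitrary_explicit_prime_curves` code point (0xFF01); treating the server logic as applying exactly that rule is an assumption. The two ClientHello byte strings are constructed, not captured.

```python
import struct

# Extension types and code points from RFC 4492.
SUPPORTED_GROUPS_EXT = 10        # elliptic_curves / supported_groups
EC_POINT_FORMATS_EXT = 11        # ec_point_formats
ARBITRARY_EXPLICIT_PRIME = 0xFF01  # arbitrary_explicit_prime_curves
SECP256R1, SECP384R1 = 23, 24
UNCOMPRESSED = 0                 # point format id


def parse_client_hello(body):
    """Parse a ClientHello handshake body. Returns (version, suites, extensions)."""
    pos = 0
    version = struct.unpack_from(">H", body, pos)[0]
    pos += 2
    pos += 32                                   # client random
    sid_len = body[pos]
    pos += 1 + sid_len                          # session id
    cs_len = struct.unpack_from(">H", body, pos)[0]
    pos += 2
    suites = [struct.unpack_from(">H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    cm_len = body[pos]
    pos += 1 + cm_len                           # compression methods
    exts = {}
    if pos < len(body):                         # extensions block is optional
        ext_len = struct.unpack_from(">H", body, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack_from(">HH", body, pos)
            pos += 4
            exts[etype] = body[pos:pos + elen]
            pos += elen
    return version, suites, exts


def parse_groups(data):
    """supported_groups payload: 2-byte length, then 2-byte curve ids."""
    n = struct.unpack_from(">H", data, 0)[0]
    return [struct.unpack_from(">H", data, 2 + i)[0] for i in range(0, n, 2)]


def parse_point_formats(data):
    """ec_point_formats payload: 1-byte length, then 1-byte format ids."""
    return list(data[1:1 + data[0]])


def ec_cert_usable(exts, cert_group, cert_point_format=UNCOMPRESSED):
    """Apply the filter described in the reply (assumed rule, see lead-in):
    an absent extension constrains nothing; a present one must list the
    certificate's curve id (or ARBITRARY_EXPLICIT_PRIME for an explicit-
    parameter key) and its point format."""
    if SUPPORTED_GROUPS_EXT in exts:
        if cert_group not in parse_groups(exts[SUPPORTED_GROUPS_EXT]):
            return False
    if EC_POINT_FORMATS_EXT in exts:
        if cert_point_format not in parse_point_formats(exts[EC_POINT_FORMATS_EXT]):
            return False
    return True


def diagnose(hello_body, cert_group, cert_point_format=UNCOMPRESSED):
    """Convenience wrapper: parse a ClientHello body and run the check."""
    _, _, exts = parse_client_hello(hello_body)
    return ec_cert_usable(exts, cert_group, cert_point_format)


# --- constructed sample ClientHellos (not captured traffic) ---------------
def build_client_hello(version, suites, exts):
    body = struct.pack(">H", version) + bytes(32) + b"\x00"  # zero random, empty session id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                         # compression: null only
    if exts:
        ext_bytes = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in exts.items())
        body += struct.pack(">H", len(ext_bytes)) + ext_bytes
    return body


def groups_ext(ids):
    return struct.pack(">H", 2 * len(ids)) + b"".join(struct.pack(">H", i) for i in ids)


def formats_ext(fmts):
    return bytes([len(fmts)]) + bytes(fmts)


# SSLv3-style hello: ECDHE suites offered, but no extensions at all.
SSL3_HELLO = build_client_hello(0x0300, [0xC00A, 0xC014], {})
# TLS 1.2-style hello: same idea, plus named curves P-256/P-384 and uncompressed points.
TLS12_HELLO = build_client_hello(
    0x0303, [0xC02B, 0xC00A],
    {SUPPORTED_GROUPS_EXT: groups_ext([SECP256R1, SECP384R1]),
     EC_POINT_FORMATS_EXT: formats_ext([UNCOMPRESSED])})

if __name__ == "__main__":
    for name, hello in (("SSLv3", SSL3_HELLO), ("TLS1.2", TLS12_HELLO)):
        print(name, "explicit-curve cert usable:", diagnose(hello, ARBITRARY_EXPLICIT_PRIME),
              "| P-256 cert usable:", diagnose(hello, SECP256R1))
```

Run against the constructed hellos, the explicit-parameter certificate passes the SSLv3-style hello (nothing to check against) and fails the TLS 1.2-style one (0xFF01 is not in the client's list), which is the "works with SSLv3, no shared cipher with TLS" pattern from the question; a P-256 certificate passes both. To use it on real traffic, feed in the ClientHello body from a packet capture after removing the 5-byte record header and 4-byte handshake header.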