On 10/11/14 11:47, Koehne Kai wrote:
> Hi,
>
> I'm trying to debug a handshake failure between clients using the system
> openssl just released OpenSUSE 13.2 , and a server. The handshake always
> fails with a somewhat cryptic error message:
>
>
> error:1200AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group.
> error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
>
>
> My main question is whether that points to a bug in the _client_, or the
> _server_. I'm trying to get in contact with the admins of the server, but so
> far don't know what openssl they are using. So I've concentrated on the
> client...
>
> The client openssl version is a patched version of 1.0.1i. By taking
> openSUSE's build configuration and stripping down the configure flags &
> patches bit by bit, I could reproduce it though also with a custom openssl
> 1.0.1j and the following configure arguments:
>
> ./config threads shared no-rc5 no-idea no-ssl2 no-ec2m

So if I understand you correctly you are still applying some patches to
OpenSSL? Does this happen with a stock OpenSSL?

It *sounds* like the client is advertising support for a set of EC curves
that it doesn't in fact support. That would be a bug in openssl on the
client side. A (less than ideal) workaround would be to disable EC
ciphersuites.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
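
One way to test the hypothesis in the reply above, as an added example that is not part of the thread and not OpenSSL code: parse the elliptic_curves extension from a captured ClientHello and list the binary-field (sect*) curves, which a build configured with no-ec2m leaves out. The function names and the sample bytes are constructed for illustration; it assumes the ClientHello extensions block has already been extracted from a packet capture.

```python
import struct

# NamedCurve IDs from RFC 4492 section 5.1.1. IDs 1-14 (sect*) are the
# binary-field curves that a build configured with no-ec2m leaves out.
NAMED_CURVES = dict(enumerate((
    "sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 "
    "sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 "
    "secp160k1 secp160r1 secp160r2 secp192k1 secp192r1 secp224k1 secp224r1 "
    "secp256k1 secp256r1 secp384r1 secp521r1").split(), start=1))
EXT_ELLIPTIC_CURVES = 10  # extension type, RFC 4492 section 5.1.1


def advertised_curves(extensions):
    """Curve names from the elliptic_curves extension of a ClientHello.

    `extensions` is the raw extensions block including its 2-byte length.
    Raises ValueError when a length field does not match the data.
    """
    if len(extensions) < 2 or struct.unpack_from("!H", extensions)[0] != len(extensions) - 2:
        raise ValueError("extensions block length mismatch")
    pos = 2
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type != EXT_ELLIPTIC_CURVES:
            continue
        if ext_len < 2 or struct.unpack_from("!H", body)[0] != ext_len - 2 or ext_len % 2:
            raise ValueError("bad elliptic_curves list length")
        ids = struct.unpack("!%dH" % ((ext_len - 2) // 2), body[2:])
        return [NAMED_CURVES.get(i, "unknown(%d)" % i) for i in ids]
    return []  # no elliptic_curves extension present


def binary_field_curves(names):
    """Advertised curves that a no-ec2m client build cannot instantiate."""
    return [n for n in names if n.startswith("sect")]


# Constructed sample: ec_point_formats, then elliptic_curves listing
# secp256r1 (23), secp384r1 (24) and sect571r1 (14).
SAMPLE = bytes.fromhex("0012" "000b00020100" "000a0008000600170018000e")

if __name__ == "__main__":
    names = advertised_curves(SAMPLE)
    print("advertised:", names, "binary-field:", binary_field_curves(names))
```

A non-empty binary-field list from a client built with no-ec2m would match the mismatch described in the reply; an empty one points elsewhere.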