On 11/11/14 09:35, Koehne Kai wrote:
>> -----Original Message-----
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> [...]
>> I have been able to reproduce this.
>>
>> Using a standard openssl configured *without* including no-ec2m, start an
>> s_server:
>>
>> openssl s_server -named_curve sect239k1
>>
>> Then, using an openssl configured *with* no-ec2m, connect to the s_server:
>>
>> openssl s_client -cipher ECDHE-RSA-AES256-SHA
>>
>> You should see the same error message as you got displayed in the client.
>
> Indeed.
>
>> Please can you try the attached patch to see if that solves your problem.
>
> If I apply the patch on the client side, the handshake succeeds :)
>
> I guess the server-side fix to mitigate this issue would be to configure with
> fips / no-ec2m, too?
>

The server side is using a binary curve for its temporary ECDHE
parameters. If you expect clients to hit that server that are configured
with no-ec2m and you can't patch them, then the best workaround would be
to configure the server to use a prime field curve instead, e.g. P-256

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
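
The check below is an added example, not part of the original thread or of OpenSSL: it classifies a curve name as prime-field or binary-field from the text printed by `openssl ecparam -list_curves`, so a server's `-named_curve` choice can be vetted before clients built with no-ec2m connect. The function names and the sample listing are constructed for illustration; `prime256v1` is OpenSSL's name for P-256.

```shell
# Constructed sample in the format printed by `openssl ecparam -list_curves`.
# Long descriptions wrap onto an indented continuation line.
SAMPLE_CURVES='  secp256k1 : SECG curve over a 256 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect239k1 : SECG curve over a 239 bit binary field
  Oakley-EC2N-3:
        IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
        Not suitable for ECDSA.'

# curve_field NAME [LISTING]
# Prints "prime", "binary" or "unsupported" (name absent from the listing).
# Without LISTING, the local openssl build is queried instead.
curve_field() {
    name=$1
    listing=${2:-$(openssl ecparam -list_curves 2>/dev/null || true)}
    printf '%s\n' "$listing" | awk -v n="$name" '
        # A line containing ":" starts a new entry; remember its curve name.
        /:/ { cur = $0; sub(/:.*/, "", cur); gsub(/[ \t]/, "", cur) }
        # The field type may be on the name line or on a continuation line.
        cur == n && /binary field/ { r = "binary" }
        cur == n && /prime field/  { r = "prime" }
        END { print (r == "" ? "unsupported" : r) }'
}

# check_server_curve NAME [LISTING]
# Returns 0 only when NAME is a prime-field curve, i.e. one that a client
# built with no-ec2m can still use for ECDHE.
check_server_curve() {
    case $(curve_field "$1" "$2") in
        prime)
            echo "$1: prime field, usable by no-ec2m clients"
            return 0 ;;
        binary)
            echo "$1: binary field, no-ec2m clients cannot complete ECDHE"
            return 1 ;;
        *)
            echo "$1: not in this build's curve list"
            return 2 ;;
    esac
}

# Demo on the constructed listing: the curve from the thread, then P-256.
for c in sect239k1 prime256v1; do
    check_server_curve "$c" "$SAMPLE_CURVES" || true
done
```

Calling `check_server_curve` with only a curve name reads the curve list of whichever `openssl` binary is on the PATH, so running it with the client's build shows whether that build knows the curve at all.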