On Fri, Apr 14, 2017, Schmicker, Robert wrote: > > > After some debugging (exactly as mentioned above) it appears that the cipher > suite does not show up in the ClientHello using the s_client/s_server. I > modified the cipher for testing to use 512 bits instead of 64 so that it is > ranked highest. > > Error server side: > SSL routines:tls_post_process_client_hello:no shared > cipher:ssl/statem/statem_srvr.c:1979 > > Error Client side: > SSL routines:ssl3_read_bytes:tlsv1 alert internal > error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80 > > Any idea why the cipher would appear under the list of supported tls1.2 > ciphers, yet it does not appear under the ClientHello even if specified with > the -cipher option? >
Hmm... it's not clear why the cipher isn't being sent in client hello. What output do you get with -security_debug_verbose option? Also try including @SECLEVEL=0 in the cipher string. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users