I got the point: the server certificate is ECDSA with curve secp256r1. It works with RSA certificate and curves sepc256r1/sepc384r1/sepc521r1/x25519/x448.
On Thu, Jun 13, 2019 at 3:00 AM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > On Wed, Jun 12, 2019 at 05:31:30PM +0800, John Jiang wrote: > > > > > Tried below commands, > > > > openssl s_server -trace -state -cert server.cer -key server.key > -accept port > > > > openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 > -connect localhost:port > > > > > > With same commands, using OpenSSL 1.1.1c, I get: > > > > > > CONNECTION ESTABLISHED > > > Protocol version: TLSv1.2 > > > Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 > > > Peer certificate: > > > Hash used: SHA256 > > > Signature type: RSA-PSS > > > Supported Elliptic Curve Point Formats: ... > > > Server Temp Key: X25519, 253 bits > > > > > > Perhaps your s_client is not the one from 1.1.1 or it is dynamically > > > linked against 1.1.0 libraries... > > > > > My s_client can support TLSv1.3, so it should not be from any pre-1.1.1 > > version. > > You say that, but the evidence suggests otherwise. In each of > whatever shells you're using to start the client and server, > it would be prudent to run: > > $ openssl version -v > > Here's an example with the command and library at the same version: > > $ /usr/local/bin/openssl version -v > OpenSSL 1.1.1c 28 May 2019 > > And here's another where they differ in the patchlevel: > > $ LD_PRELOAD=/lib/libcrypto.so.111:/usr/lib/libssl.so.111 > /usr/local/bin/openssl version -v > OpenSSL 1.1.1c 28 May 2019 (Library: OpenSSL 1.1.1a-freebsd 20 Nov > 2018) > > Without forcing anything with LD_PRELOAD, ... are your client and > server in fact 1.1.1 in both the executable and the library? > > -- > Viktor. >