On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote: > I got the point: the server certificate is ECDSA with curve secp256r1. > It works with RSA certificate and curves > sepc256r1/sepc384r1/sepc521r1/x25519/x448.
See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924 When using ECDSA with TLSv1.2, the group list MUST include the group used in the certificate. Otherwise, you get no shared cipher as you reported. You can *prefer* X25519, but you cannot only offer X25519. -- Viktor.
