On Thu, 2009-07-30 at 18:28 +0200, Clinton Gormley wrote: > Hi all > > Has anybody tried using a DSA private key in a .pem file for pound? > > We've been using RSA without any problems. Now just tried a .pem with > DSA and I'm getting the following: > > > openssl s_client -bugs -connect myhost.com:443 > CONNECTED(00000003) > 28053:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert > handshake failure:s23_clnt.c:578: > > Firefox gives me: > > Cannot communicate securely with peer: no common encryption algorithm(s). > (Error code: ssl_error_no_cypher_overlap) > > When I test the .pem with s_server it works: > > openssl s_server -cert mypem.pem -www& > Using default temp ECDH parameters > ACCEPT > > And Firefox accepts the cert. > > Any ideas?
We'll add support for DSA in the next release - currently it lacks the generation of the DH parameters (similar to the RSA stuff). -- Robert Segall Apsis GmbH Postfach, Uetikon am See, CH-8707 Tel: +41-44-920 4904 -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
