You don't need to change OpenSSL; TLSv1_2_server_method() replaces
SSLv23_server_method() in your own code.
k
On Fri, Jun 7, 2013 at 10:17 AM, mehroz mehroz.ashra...@gmail.com wrote:
Hi,
Could you help with where I need to change the method from
TLSv1_2_server_method() to SSLv23_server_method()? Which file(s) need to
be addressed?
--
View this message in context:
http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html
On Fri, Nov 09, 2012, Karel Sedláček wrote:
This problem is related to an issue I have been experiencing with a
piece of bespoke software I am writing that uses OpenSSL to terminate
SSL/TLS connections, using non-blocking I/O.
Observations:
- My server's TLS handshake for cipher
I have; following is the relevant snippet:
    int nid = OBJ_sn2nid(ECDHE_CURVE);
    if (NID_undef == nid)
        goto err_obj_sn2nid;
    EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid);
    if (NULL == ecdh)
        goto err_ec_key_new;
    SSL_CTX_set_tmp_ecdh(tls_ctx, ecdh);
On Fri, Nov 9, 2012 at 5:32 PM,
I was using secp521r1, but secp384r1 has the same behavior. Here is
the output with -state:
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0x7fe008426dd0 [0x7fe008810800] (165 bytes = 165 (0xA5))
- 16 03 01 00 a0 01 00 00-9c 03 03 50 9d 3f 85 bf ...P.?..
SSL_connect:error in SSLv2/v3 read server hello A
140735101956572:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
Just discovered the culprit. I had configured the server using
TLSv1_server_method(), going from
http://www.openssl.org/docs/ssl/SSL_CTX_new.html and assuming TLSv1
encompasses v1.{1,2}. Stumbled on this by chance by experimenting with
forcing TLSv1.2 (of which the desired cipher suite is a part)
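
Added example (not part of the thread, and not OpenSSL code): a small C parser that reads the record and ClientHello headers from the first bytes of the -state trace above, then checks whether a TLS 1.2-only suite such as ECDHE-ECDSA-AES256-SHA384 can be selected by a server pinned to TLS 1.0. The struct and function names are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields read from the TLS record header and the start of a ClientHello. */
struct hello_info {
    uint16_t record_version;  /* version field of the record layer */
    uint16_t record_len;      /* record payload length */
    uint32_t hs_len;          /* handshake body length */
    uint16_t client_version;  /* highest version the client offers */
};

/* Parse the first 11 bytes of a record that starts a ClientHello.
 * Returns 0 on success, -1 on anything else. Fragmented hellos are rejected. */
int parse_client_hello(const uint8_t *buf, size_t len, struct hello_info *out)
{
    if (buf == NULL || out == NULL || len < 11)
        return -1;
    if (buf[0] != 0x16 || buf[5] != 0x01)  /* handshake record, ClientHello */
        return -1;
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->record_len = (uint16_t)((buf[3] << 8) | buf[4]);
    out->hs_len = ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 8) | buf[8];
    out->client_version = (uint16_t)((buf[9] << 8) | buf[10]);
    if (out->hs_len + 4 > out->record_len)  /* 4-byte handshake header + body */
        return -1;
    return 0;
}

/* A server pinned to one version answers with min(client offer, server max).
 * The SHA384 suites such as ECDHE-ECDSA-AES256-SHA384 need TLS 1.2 (0x0303). */
int tls12_suite_usable(uint16_t client_version, uint16_t server_max)
{
    uint16_t v = client_version < server_max ? client_version : server_max;
    return v >= 0x0303;
}

/* First 16 bytes of the ClientHello shown in the -state trace in the thread. */
static const uint8_t TRACE_BYTES[16] = { 0x16, 0x03, 0x01, 0x00, 0xa0, 0x01,
    0x00, 0x00, 0x9c, 0x03, 0x03, 0x50, 0x9d, 0x3f, 0x85, 0xbf };

int main(void)
{
    struct hello_info h;
    if (parse_client_hello(TRACE_BYTES, sizeof TRACE_BYTES, &h) != 0) return 1;
    printf("client offers 0x%04x; suite usable on TLSv1-only server: %d\n",
           (unsigned)h.client_version, tls12_suite_usable(h.client_version, 0x0301));
    return 0;
}
```

The record layer says 0x0301 while the ClientHello itself offers 0x0303, so the client was willing to speak TLS 1.2 and the limit came from the server side.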