On Tue, Jul 26, 2016 at 01:09:04PM +0300, Ilari Liusvaara wrote:
> > Failure:
> > openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305
>
> If you swap the order of these two ciphersuites, does it succeed or fail?
>
> I.e.
>
> openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256
I can reproduce the reported failure in the original order, and at
least for me the swapped variant succeeds.
> Well, your test results certainly blow basic "negotiation accidentally
> blows off all valid candidates and then fails" hypothesis out of the
> water. So it has to be something more complicated.
>
> Succeeding with the ciphersuites swapped would suggest (as somebody
> else in this thread already said) that it only considers Chacha in
> the first place, not noticing that it may be the only choice after
> certificate selection.
Perhaps that's the issue.
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
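
The hypothesis discussed in this thread, as an added toy model that is not part of the original messages and is not any real server's code. It assumes the server holds only an ECDSA certificate for the name and prefers AES-GCM unless the client lists ChaCha first; `SERVER_ORDER`, `pick` and the certificate sets are constructed for illustration.

```python
# Toy model of the selection-order hypothesis (illustrative only).
CHACHA = "ECDHE-ECDSA-CHACHA20-POLY1305"
AES_RSA = "ECDHE-RSA-AES128-GCM-SHA256"

# Certificate type each suite needs for server authentication.
AUTH = {CHACHA: "ECDSA", AES_RSA: "RSA"}

# Constructed server preference: AES-GCM ahead of ChaCha.
SERVER_ORDER = [AES_RSA, CHACHA]


def pick(client_prefs, server_certs, cert_check_first):
    """Return the negotiated suite, or None for a handshake failure.

    cert_check_first=False models the hypothesised behaviour: ChaCha is
    considered only when it is the client's first choice, and the
    certificate check runs afterwards on the already-pruned list.
    cert_check_first=True drops suites the server cannot authenticate
    before the "is ChaCha first?" decision is made.
    """
    offered = [s for s in client_prefs if s in AUTH]
    if cert_check_first:
        offered = [s for s in offered if AUTH[s] in server_certs]
    if not offered:
        return None

    if "CHACHA20" in offered[0]:
        # Client prefers ChaCha: honour it, then fall back to server order.
        rest = [s for s in SERVER_ORDER if s in offered and s != offered[0]]
        candidates = [offered[0]] + rest
    else:
        # Otherwise ChaCha is removed from consideration entirely.
        candidates = [s for s in SERVER_ORDER
                      if s in offered and "CHACHA20" not in s]

    for suite in candidates:
        if AUTH[suite] in server_certs:
            return suite
    return None


if __name__ == "__main__":
    ecdsa_only = {"ECDSA"}  # assumption about the server's certificates
    for order in ([AES_RSA, CHACHA], [CHACHA, AES_RSA]):
        print(order, "->", pick(order, ecdsa_only, cert_check_first=False))
```

With the pruning done before certificate selection, the original client order leaves no usable suite while the swapped order succeeds, matching the two `s_client` results reported above.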