On 2019-04-25 11:08, Idhren wrote: > what ? weird ! I had to edit my post because the "raw" tag didn't work ... > Anyways, without any encoding then: > > Catalina: > > 24/04/2019 14:51:32 Using Anonymous Diffie-Hellman mode. > 24/04/2019 14:51:32 loaded Diffie Hellman 1024 bits, 0.000s > 24/04/2019 14:51:32 SSL: error:1417A0C1:SSL > routines:tls_post_process_client_hello:no shared cipher Idhren,
It looks that the server cannot agree with the client on what cipher to use. Check that you have right certificate for Diffie-Hellman (check issue#2572 <https://github.com/openssl/openssl/issues/2572>), and / or reconfigure the server/client so that they use same set of ciphers. To list the ciphers that server supports you can use the following command: # nmap --script ssl-enum-ciphers -p 20000 127.0.0.1 Starting Nmap 6.47 ( http://nmap.org ) Nmap scan report for localhost (127.0.0.1) Host is up (0.00013s latency). PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: | ... | TLSv1.1: | ... | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_RSA_WITH_AES_256_GCM_SHA384 - strong -- With best regards, Dmitry
