Arnt Gulbrandsen <[email protected]> writes: > On Wednesday, April 16, 2014 1:50:09 PM CEST, [email protected] > wrote: >> I tried connecting to archiveopteryx like this: >> >> openssl s_client -cipher 'ECDH:DH' -connect my_server.fqdn:993 > > So your client announces DH ciphers, and aox in its answer accepts kEDH, > which is much the same thing. openssl ciphers -cipherlist DH and kEDH > produce very similar results for me. > > So I think you'll need to play around with openssl ciphers -cipherlist on > both systems involved and find out why DH and kEDH are so different.
Thanks for all the answers! It's odd - I've played around with SSL_CTX_set_cipher_list and tried different sets of ciphers, even commenting out SSL_CTX_set_cipher_list completely. openssl s_client -cipher 'CURRENT-TEST-SET' -connect myserver:993 was never able to negotiate for a cipher that according to the output of openssl cipher 'CURRENT-TEST-SET' with CURRENT-TEST-SET being what was compiled as an argument for SSL_CTX_set_cipher_list should be available.... :-(
