On 10/8/10, daniel.war...@gdc4s.com <daniel.war...@gdc4s.com> wrote:
> Using 1.0.0a s_server and s_client I was able to get TLS server only
> authentication and client and server authentication using ECDH
> certificates to work.
> Using 1.0.0a s_server and s_client I was not able to get DTLS to work.
> I found a comment in the code that
> For now, we do not support client authentication using ECDH
> certificates.
> Will OpenSSL add support for DTLS client authentication using ECDH
> certificate?
> Also does anyone know why my DTLS EC server authentication failed?
>
> TLS EC Server Authentication
> openssl s_server  -accept 9001 -cert certs/secp256r1TestServer.pem -key
> private/secp256r1TestServer.key  -CAfile ./ca-certs/secp256r1TestCA.pem
> -cipher ECDHE-ECDSA-AES256-SHA
> openssl s_client  -connect localhost:9001  -CAfile
> ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
> Shared ciphers:ECDHE-ECDSA-AES256-SHA
> CIPHER is ECDHE-ECDSA-AES256-SHA
>
> TLS EC Client and Server Authentication
> openssl s_server  -accept 9001 -cert certs/secp256r1TestServer.pem -key
> private/secp256r1TestServer.key  -CAfile ./ca-certs/secp256r1TestCA.pem
> -cipher ECDHE-ECDSA-AES256-SHA
> openssl s_client  -connect localhost:9001 -cert
> certs/secp256r1TestClient.pem -key private/secp256r1TestClient.key
> -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
> Shared ciphers:ECDHE-ECDSA-AES256-SHA
> CIPHER is ECDHE-ECDSA-AES256-SHA
>
> DTLS EC Server Authentication
> openssl s_server -dtls1 -accept 9001 -cert certs/secp256r1TestServer.pem
> -key private/secp256r1TestServer.key  -CAfile
> ./ca-certs/secp256r1TestCA.pem  -cipher ECDHE-ECDSA-AES256-SHA
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> ERROR
> 5932:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:s3_srvr.c:725:
> shutting down SSL
> CONNECTION CLOSED
>
> openssl s_client -dtls1 -connect localhost:9001  -CAfile
> ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
> CONNECTED(00000003)
> 6092:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:963:SSL alert number 40
> 6092:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1153:
>
> Dan Warren
>
>
>

-- 
Sent from my mobile device
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
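As an added example (not code from the thread or from OpenSSL), a small Python decoder for the OpenSSL error lines quoted in the message above: it unpacks the 8-digit hex code into the library, function and reason fields of ERR_PACK and flags SSL reasons at or above 1000 as TLS alerts received from the peer, which is how the client's "SSL alert number 40" line pairs with the server's local internal error in SSL3_GET_CLIENT_HELLO. The line format, the library id and the alert numbers are the standard OpenSSL and TLS values; the sample log lines are the ones quoted in the thread, re-joined where the mail client wrapped them.

```python
import re

# Decode the "pid:error:CODE:lib:func:reason:file:line:extra" lines that the
# OpenSSL CLI prints, so server-side and client-side failures can be read together.

ERR_LIB_SSL = 0x14           # library id 20, printed as "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 record a received TLS alert (1000 + alert number)

# Standard TLS alert descriptions (RFC 5246 section 7.2), only the ones useful here.
ALERT_NAMES = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
               70: "protocol_version"}

LINE_RE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<lineno>\d+):(?P<extra>.*)$")


def parse_openssl_error(line):
    """Split one error line and unpack the ERR_PACK(lib, func, reason) code."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code = int(m["code"], 16)
    lib_num, func_num, reason_num = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib_num == ERR_LIB_SSL and reason_num >= SSL_AD_REASON_OFFSET:
        alert = reason_num - SSL_AD_REASON_OFFSET  # the peer sent this alert
    return {"pid": int(m["pid"]), "code": code, "lib_num": lib_num,
            "func_num": func_num, "reason_num": reason_num, "lib": m["lib"],
            "func": m["func"], "reason": m["reason"], "file": m["file"],
            "line": int(m["lineno"]), "extra": m["extra"], "alert": alert}


def classify(rec):
    """Say whether the failure originated locally or was an alert from the peer."""
    if rec["alert"] is not None:
        name = ALERT_NAMES.get(rec["alert"], "alert")
        return "peer alert %d (%s) in %s" % (rec["alert"], name, rec["func"])
    return "local failure in %s: %s (%s:%d)" % (rec["func"], rec["reason"], rec["file"], rec["line"])


# The lines quoted in the thread, re-joined where the mail client wrapped them.
SERVER_LOG = ["5932:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:s3_srvr.c:725:"]
CLIENT_LOG = [
    "6092:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:963:SSL alert number 40",
    "6092:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1153:",
]

if __name__ == "__main__":
    for side, log in (("server", SERVER_LOG), ("client", CLIENT_LOG)):
        for line in log:
            print(side, "->", classify(parse_openssl_error(line)))
```

Reading the two sides together shows the server failing on its own (an internal error while processing the ClientHello) and the client only seeing the resulting handshake_failure alert, so the server log is where the cause has to be looked for.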