Hi Prerak, Thank you much for the info. When I made the client create an RSA P-256 certificate and use it in PeerConnection (in fact, this is required with Chrome 52 and later, when using OpenSSL 1.0.1g, for e.g.), it still didn't work, but the cipher suite used was the same as in the working case. However, I could see that the ECDH named curve used in Server Key Exchange was ecdh_x25519 (0x001d) - as you have noted, compared to secp256r1 (0x0017) in the working case. I also don't see any named curves specified in Client Hello. Note that secp256r1 is one of the curves supported by Firefox, according to the code diff you've pointed out. Also note that DTLS works fine when Firefox receives a call, and acts as a client.
It looks like that SSL_CTL_set1_curves() is only available from OpenSSL 1.0.2. FYI, we are already using EC_KEY_new_by_curve_name(NID_X9_62_prime256v1), followed by SSL_CTX_set_tmp_ecdh() to set the curve name - this was required a while ago after Firefox made some changes on this regard. Other than updating OpenSSL, is there any other way to have the supported named curves listed in the Client Hello? Thank, Uma _______________________________________________ dev-media mailing list dev-media@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-media
