Hi Lutz,

I am doing that. I am using the same function which s_server uses to load
the DH parameters. But I still get this error message. Can anything else be
wrong?

-----Original Message-----
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 12:44 AM
To: '[EMAIL PROTECTED]'
Subject: Re: DHE with DSS certificates


On Tue, Jul 11, 2000 at 06:47:56PM -0700, Shrikrishna Karandikar wrote:
> 
> I am trying to use Diffie Hellman key exchange with DSS certificates. I have
> DH parameters appended to both the client and server certificate files. Also
> I am using the "SSL_CTX_set_tmp_dh" function to init the DH parameters.
> 
> But I always get the following error at the server:
> 
> 270:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:769:
> 
> 
> I tried setting the preferred cipher to "DSS+DH" or
> EXP1024-DHE-DSS-DES-CBC-SHA in the client. But still the error occurs.
> Doesn't the server recognize these cipher suites? Am I missing something? I
> found some archive messages and verified that I am doing everything
> (certificate stuff) correctly. Can somebody explain the problem?

Reading between the lines:
- You write your own application (the problem does not apply to the
  openssl applications like s_server).
The DH parameters are not read together with the certificates.
You must explicitly load them e.g. from a file using PEM_read_DHparams().
The openssl applications implicitly try to load them from the certificate
file if no special location is given, but that's a special property of the
s_server application. Your application must load the DH-parameters itself.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
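
As the reply above says, the DH parameters are a separate object that the application has to load itself. The following is an added example, not code from this thread or from OpenSSL: a start-up check in plain C that reports whether a PEM file contains a DH PARAMETERS object next to the certificate, so a missing block is caught before PEM_read_DHparams() and SSL_CTX_set_tmp_dh() are called. The function names and the sample file contents are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample files; the bodies are placeholders, not real key data. */
static const char CERT_ONLY[] =
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n";
static const char CERT_AND_DH[] =
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
    "-----BEGIN DH PARAMETERS-----\nPLACEHOLDER\n-----END DH PARAMETERS-----\n";

/* Count complete PEM objects of one type: a BEGIN marker at the start of a
 * line followed later by the matching END marker. */
int pem_count(const char *buf, const char *type)
{
    char begin[96], end[96];
    int n = 0;
    snprintf(begin, sizeof begin, "-----BEGIN %s-----", type);
    snprintf(end, sizeof end, "-----END %s-----", type);
    for (const char *p = buf; (p = strstr(p, begin)) != NULL; ) {
        if (p != buf && p[-1] != '\n') { p++; continue; } /* mid-line text */
        const char *q = strstr(p + strlen(begin), end);
        if (q == NULL)
            break;                      /* truncated object is not counted */
        n++;
        p = q + strlen(end);
    }
    return n;
}

/* 1: certificate and DH parameters present, 0: certificate but no DH
 * parameters (nothing to pass to SSL_CTX_set_tmp_dh), -1: no certificate. */
int dh_bundle_status(const char *buf)
{
    if (pem_count(buf, "CERTIFICATE") == 0)
        return -1;
    return pem_count(buf, "DH PARAMETERS") > 0 ? 1 : 0;
}

int main(void)
{
    printf("cert only:   %d\n", dh_bundle_status(CERT_ONLY));
    printf("cert and DH: %d\n", dh_bundle_status(CERT_AND_DH));
    return 0;
}
```

A status of 1 only means the block is present in the file; the application still has to read it and install it on the SSL_CTX.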