It has been quite a while since I've written my own server, but the
first thing I would do is add all ciphers to the server instead of
restricting the server to one cipher like you have. When you get a
connection, log the cipher that it connected with. Then you can limit it
to just that one cipher if you really want.

Sean Walker
SurfMy.Net

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mattias Marberg
> Sent: Tuesday, October 17, 2000 9:16 AM
> To: [EMAIL PROTECTED]
> Subject: Jsse client & openssl server
> 
> 
> Hello,
> 
> I'm a newbie in openssl... I try to create a simple ssl client using
> jsse and a simple ssl server using Openssl (using example server
> serv.cpp). To make the communication even simpler I use cipher suites
> with no authentication (SSL_DH_anon_WITH_3DES_EDE_CBC_SHA for jsse &
> ADH-DES-CBC3-SHA for Openssl). The problem is that the client and the
> server can't find a shared cipher suite... Does anyone know of any good
> resources that deal with these issues? I attach some code from my
> applications... The C++ application runs until CHK_SSL(err) and then
> exits with the error code 19153:error:1408A0C1:SSL
> routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772:
> 
> Java:
>       Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
> 
>       System.out.println("Create SSLServer Socket Factory...");
>       SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
>       System.out.println("Requesting connection to " + ipaddress + " on port 1111...");
>       s = (SSLSocket) factory.createSocket(ipaddress, 1111);
> 
>       String[] cipher_suites = new String[1];
>       cipher_suites[0] = "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
>       s.setEnabledCipherSuites(cipher_suites);
> 
>       String[] ncipher_suites = s.getEnabledCipherSuites();
>       System.out.println("Enabled cipher suites are: ");
>       for (int i = 0; i < ncipher_suites.length; i++) {
>         System.out.println("    " + ncipher_suites[i]);
>       }
> 
>       System.out.println("The one negotiated is " + s.getSession().getCipherSuite());
> 
> C++:
>       /* SSL preliminaries. We keep the certificate and key with the context. */
> 
>       SSL_load_error_strings();
>       SSLeay_add_ssl_algorithms();
>       meth = SSLv23_server_method();
>       ctx = SSL_CTX_new (meth);
>       if (!ctx) {
>           ERR_print_errors_fp(stderr);
>           exit(2);
>       }
> 
>       // Certificate code removed...
> 
>       /* ----------------------------------------------- */
>       /* Prepare TCP socket for receiving connections */
> 
>       listen_sd = socket (AF_INET, SOCK_STREAM, 0);
>       CHK_ERR(listen_sd, "socket");
> 
>       memset (&sa_serv, '\0', sizeof(sa_serv));
>       sa_serv.sin_family      = AF_INET;
>       sa_serv.sin_addr.s_addr = INADDR_ANY;
>       sa_serv.sin_port        = htons (1111);          /* Server Port number */
> 
>       err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv));
>       CHK_ERR(err, "bind");
> 
>       /* Receive a TCP connection. */
> 
>       err = listen (listen_sd, 5);
>       CHK_ERR(err, "listen");
> 
>       client_len = sizeof(sa_cli);
>       sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
>       CHK_ERR(sd, "accept");
>       close (listen_sd);
> 
>       printf ("Connection from %s, port %x\n",
>               inet_ntoa((struct in_addr)sa_cli.sin_addr), sa_cli.sin_port);
> 
>       /* ----------------------------------------------- */
>       /* TCP connection is ready. Do server side SSL. */
> 
>       ssl = SSL_new (ctx);
>       CHK_NULL(ssl);
>       SSL_set_cipher_list(ssl, "ADH-DES-CBC-SHA");
>       SSL_set_fd (ssl, sd);
>       err = SSL_accept (ssl);
>       fprintf(stderr, "CHECK ERROR\n");
>       CHK_SSL(err);
> 
>   /* Get the cipher - opt */
> 
> Thanks
> Mattias Marberg
> 
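
The following is an added example, not code from either poster or from the OpenSSL or JSSE projects: a small C++ model of the match that logging the negotiated cipher on the server would reveal. The name table follows the OpenSSL ciphers(1) manual page; `negotiate` and `split_cipher_list` are hypothetical helpers, and taking the first client-offered match is a simplification of the real handshake.

```cpp
// Added example: model of the cipher-suite match between a JSSE client and an OpenSSL server.
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Anonymous-DH suites: JSSE (SSL v3 spec) name -> OpenSSL name,
// per the OpenSSL ciphers(1) manual page.
static const std::map<std::string, std::string> kJsseToOpenssl = {
    {"SSL_DH_anon_WITH_RC4_128_MD5",          "ADH-RC4-MD5"},
    {"SSL_DH_anon_WITH_DES_CBC_SHA",          "ADH-DES-CBC-SHA"},
    {"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",     "ADH-DES-CBC3-SHA"},
    {"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",    "EXP-ADH-RC4-MD5"},
    {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "EXP-ADH-DES-CBC-SHA"},
};

// Split an OpenSSL cipher string of explicit names ("A:B:C") into names.
// Simplification: keywords such as ALL or !aNULL are not expanded.
std::vector<std::string> split_cipher_list(const std::string& list) {
    std::vector<std::string> out;
    std::stringstream ss(list);
    for (std::string name; std::getline(ss, name, ':');)
        if (!name.empty()) out.push_back(name);
    return out;
}

// Return the OpenSSL name of the first client-offered suite that the server
// also enables, or "" when the handshake would end in "no shared cipher".
std::string negotiate(const std::vector<std::string>& jsse_offered,
                      const std::string& server_cipher_list) {
    const std::vector<std::string> server = split_cipher_list(server_cipher_list);
    for (const std::string& jsse : jsse_offered) {
        auto it = kJsseToOpenssl.find(jsse);
        if (it == kJsseToOpenssl.end()) continue;  // not in this small table
        for (const std::string& s : server)
            if (s == it->second) return it->second;
    }
    return "";
}

int main() {
    // Client suite as in the posted Java; server lists are constructed test inputs.
    const std::vector<std::string> client = {"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"};
    for (const char* list : {"ADH-DES-CBC-SHA", "ADH-DES-CBC3-SHA",
                             "ADH-RC4-MD5:ADH-DES-CBC-SHA:ADH-DES-CBC3-SHA"}) {
        std::string got = negotiate(client, list);
        std::cout << list << " -> " << (got.empty() ? "no shared cipher" : got) << "\n";
    }
}
```

On a live OpenSSL server the negotiated name is available after `SSL_accept` through `SSL_get_cipher(ssl)`.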
