error: SSL accept error(SSL): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Works great without FIPS but get "no shared cipher" error when FIPS enabled libraries are linked in. Suspect the problem is with the X509 certificate that I'm using. Certificates details are included below. Public Key Algorthim on my certificate is rsaEncryption not sure if it can be used with FIPS. Thanks, Saju openssl version:0.9.7m openssl fips version: 1.1.1 platform: windows XP (fipscansiter.o built with MinGW, openssl libs built with VC++) application: in-house FTP server built with openssl (works great with regular (non-fips) openssl libraries) server certificate: self-signed certificate built with openssl (command line tool) error: SSL accept error(SSL): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher built openssl libs with defines: CIPHER_DEBUG & KSSL_DEBUG Debug Output from Server::: Server has 20 from 00C36E20: 006FEE38:ADH-AES256-SHA 006FEE10:DHE-RSA-AES256-SHA 006FEDE8:DHE-DSS-AES256-SHA 006FED70:AES256-SHA 006FED48:ADH-AES128-SHA 006FED20:DHE-RSA-AES128-SHA 006FECF8:DHE-DSS-AES128-SHA 006FEC80:AES128-SHA 006FEC08:EDH-RSA-DES-CBC3-SHA 006FEBE0:EDH-RSA-DES-CBC-SHA 006FEBB8:EXP-EDH-RSA-DES-CBC-SHA 006FEB90:EDH-DSS-DES-CBC3-SHA 006FEB68:EDH-DSS-DES-CBC-SHA 006FEB40:EXP-EDH-DSS-DES-CBC-SHA 006FEA28:DES-CBC3-SHA 006FEA00:DES-CBC-SHA 006FE9D8:EXP-DES-CBC-SHA 006FE8E8:ADH-DES-CBC3-SHA 006FE8C0:ADH-DES-CBC-SHA 006FE898:EXP-ADH-DES-CBC-SHA Client sent 20 from 00C51158: 006FEE10:DHE-RSA-AES256-SHA 006FEDE8:DHE-DSS-AES256-SHA 006FED70:AES256-SHA 006FEC08:EDH-RSA-DES-CBC3-SHA 006FEB90:EDH-DSS-DES-CBC3-SHA 006FEA28:DES-CBC3-SHA 006FED20:DHE-RSA-AES128-SHA 006FECF8:DHE-DSS-AES128-SHA 006FEC80:AES128-SHA 006FE9B0:IDEA-CBC-SHA 006FE960:RC4-SHA 006FE938:RC4-MD5 006FEBE0:EDH-RSA-DES-CBC-SHA 006FEB68:EDH-DSS-DES-CBC-SHA 006FEA00:DES-CBC-SHA 006FEBB8:EXP-EDH-RSA-DES-CBC-SHA 006FEB40:EXP-EDH-DSS-DES-CBC-SHA 006FE9D8:EXP-DES-CBC-SHA 006FE988:EXP-RC2-CBC-MD5 006FE910:EXP-RC4-MD5 rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 0 alg= d00050 0:[00000050:00000200]006FEE10:DHE-RSA-AES256-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 1 alg= d00090 0:[00000090:00000200]006FEDE8:DHE-DSS-AES256-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 2 alg= d00041 0:[00000041:00000200]006FED70:AES256-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 3 alg= 502050 0:[00000050:00000200]006FEC08:EDH-RSA-DES-CBC3-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 4 alg= 502090 0:[00000090:00000200]006FEB90:EDH-DSS-DES-CBC3-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 5 alg= 502041 0:[00000041:00000200]006FEA28:DES-CBC3-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 6 alg= d00050 0:[00000050:00000200]006FED20:DHE-RSA-AES128-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 7 alg= d00090 0:[00000090:00000200]006FECF8:DHE-DSS-AES128-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 8 alg= d00041 0:[00000041:00000200]006FEC80:AES128-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 9 alg= 510041 0:[00000041:00000200]006FE9B0:IDEA-CBC-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 10 alg= 504041 0:[00000041:00000200]006FE960:RC4-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 11 alg= 484041 0:[00000041:00000200]006FE938:RC4-MD5 rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 12 alg= 501050 0:[00000050:00000200]006FEBE0:EDH-RSA-DES-CBC-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 13 alg= 501090 0:[00000090:00000200]006FEB68:EDH-DSS-DES-CBC-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 14 alg= 501041 0:[00000041:00000200]006FEA00:DES-CBC-SHA rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 15 alg= 501050 0:[00000050:00000200]006FEBB8:EXP-EDH-RSA-DES-CBC-SHA (export) rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 16 alg= 501090 0:[00000090:00000200]006FEB40:EXP-EDH-DSS-DES-CBC-SHA (export) rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 17 alg= 501041 0:[00000041:00000200]006FE9D8:EXP-DES-CBC-SHA (export) rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 18 alg= 488041 0:[00000041:00000200]006FE988:EXP-RC2-CBC-MD5 (export) rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0 ssl3_choose_cipher 19 alg= 484041 0:[00000041:00000200]006FE910:EXP-RC4-MD5 (export) tls1_enc(1) certificate details: Certificate: Data: Version: 1 (0x0) Serial Number: f5:55:6d:6c:47:4e:6c:84 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Michigan, L=Livonia, O=MessageWay Solutions, OU=Development (FIPS), CN=localhost/[EMAIL PROTECTED] Validity Not Before: Aug 27 16:08:53 2007 GMT Not After : Aug 24 16:08:53 2017 GMT Subject: C=US, ST=Michigan, L=Livonia, O=MessageWay Solutions, OU=Development (FIPS), CN=localhost/[EMAIL PROTECTED] Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c7:6d:b2:70:66:d0:10:ab:4c:4c:4f:9b:78:3a: 1e:ca:80:f8:d0:86:19:50:2a:2a:3d:3b:86:3e:04: 11:81:24:03:fb:f0:c7:57:1a:ba:f3:97:c6:cd:90: 38:bd:cf:08:b6:94:1a:2e:80:07:4d:06:c2:ee:50: 74:2d:0c:9b:55:02:a0:4b:88:2e:06:e1:36:bb:d3: 1e:80:6d:db:28:b6:e2:7b:78:d4:b8:08:57:92:44: b8:e6:8f:f4:81:91:81:04:cd:02:18:7a:51:a7:28: a6:9f:bc:47:cd:a4:6d:b1:a2:de:37:2d:be:3b:1a: 56:2b:7f:de:e8:50:36:63:31 Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption 24:40:eb:50:3d:08:b4:b0:33:b7:ba:e2:f6:77:72:87:03:4b: d9:f3:19:b4:46:26:1e:3e:10:4c:ac:7c:86:22:8f:95:c9:be: ba:3b:c1:fa:ec:1f:42:bd:39:97:8e:db:b9:cd:ce:e3:1c:2c: 39:96:b4:bd:47:b5:35:a4:45:05:42:99:44:e8:fc:84:25:32: 41:48:6c:9d:d8:11:55:12:00:fd:7c:b9:8c:0b:90:d2:02:bb: 59:ad:cb:f6:97:9a:7a:2e:e1:30:c3:b4:ce:de:ac:e1:6c:de: 51:37:c3:0e:6b:89:e6:aa:51:70:d8:d1:79:a7:24:d0:a9:d4: 38:42 -----BEGIN CERTIFICATE----- MIICyTCCAjICCQD1VW1sR05shDANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMC VVMxETAPBgNVBAgTCE1pY2hpZ2FuMRAwDgYDVQQHEwdMaXZvbmlhMR0wGwYDVQQK ExRNZXNzYWdlV2F5IFNvbHV0aW9uczEbMBkGA1UECxMSRGV2ZWxvcG1lbnQgKEZJ UFMpMRIwEAYDVQQDEwlsb2NhbGhvc3QxJDAiBgkqhkiG9w0BCQEWFXN1cHBvcnRA bWVzc2Fnd2F5LmNvbTAeFw0wNzA4MjcxNjA4NTNaFw0xNzA4MjQxNjA4NTNaMIGo MQswCQYDVQQGEwJVUzERMA8GA1UECBMITWljaGlnYW4xEDAOBgNVBAcTB0xpdm9u aWExHTAbBgNVBAoTFE1lc3NhZ2VXYXkgU29sdXRpb25zMRswGQYDVQQLExJEZXZl bG9wbWVudCAoRklQUykxEjAQBgNVBAMTCWxvY2FsaG9zdDEkMCIGCSqGSIb3DQEJ ARYVc3VwcG9ydEBtZXNzYWd3YXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDHbbJwZtAQq0xMT5t4Oh7KgPjQhhlQKio9O4Y+BBGBJAP78MdXGrrzl8bN kDi9zwi2lBougAdNBsLuUHQtDJtVAqBLiC4G4Ta70x6AbdsotuJ7eNS4CFeSRLjm j/SBkYEEzQIYelGnKKafvEfNpG2xot43Lb47GlYrf97oUDZjMQIDAQABMA0GCSqG SIb3DQEBBQUAA4GBACRA61A9CLSwM7e64vZ3cocDS9nzGbRGJh4+EEysfIYij5XJ vro7wfrsH0K9OZeO27nNzuMcLDmWtL1HtTWkRQVCmUTo/IQlMkFIbJ3YEVUSAP18 uYwLkNICu1mty/aXmnou4TDDtM7erOFs3lE3ww5rieaqUXDY0XmnJNCp1DhC -----END CERTIFICATE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]