> From: [email protected] On Behalf Of Hoel, John
> Sent: Wednesday, 27 May, 2009 20:24
> I am testing a server that supports encryption without
certificates.
> Build is 0.9.8k. When I test it with 'openssl s_client -connect
host:port',
> [...] My SSL server throws the following error:
> SSL error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher: .
> SSL error location: file '.\ssl\s3_srvr.c' line 888.
> Can anyone tell me why s_client throws this error?
An anonymous server can only use the anon-DH ciphersuites *,
which (openssl and thus) s_client does not offer by default.
Add at least -cipher ADH; or if you prefer, the same cipherspec
(or similar) as you coded in the server (snipped).
> I have an SSL client that connects successfully to this server.
Presumably it allows ADH.
* or maybe Kerberos; I'm not familiar with that. But it's so rare,
if you were using it I hope you would know enough to say so.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
