On Sat, Aug 22, 2009, Michael D wrote:

> I am testing a custom TLS client I am writing for a night class.
> I would like to use openssl s_server for the testbed, if that is possible.
>
> I am running openssl-1.0.0-stable-SNAP-20090821
>
> * I am running the command as follows:
> openssl s_server -nocert
>
> It starts by saying:
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
>
> * My client sends a client hello. I have openssl dump the server cipher
> list and the list I sent.
> Mine are shown as below:
> 0x81f8390:ECDHE-ECDSA-AES128-SHA
> 0x81f83c0:ECDHE-ECDSA-AES256-SHA
> 0x81f83f0:ECDH-RSA-NULL-SHA
> 0x81f8420:ECDH-RSA-RC4-SHA
>
> I end up with an error:
> 3085114028:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:1138:
>
> I see my cipher in the list! What am I doing wrong please.
>
> This is getting a tiny bit frustrating. Any help would be appreciated.
>

Those ciphersuites all require a certificate. If the client uses OpenSSL you
have to explicitly enable anonymous ciphersuites using an appropriate cipher
string, for example "aNULL". If the client doesn't use OpenSSL then it may not
support anonymous ciphersuites at all.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
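
A simplified model of the server-side selection behind the reply above, as an added example that is not part of the original thread and is not OpenSSL's own code: it reads the Au= column of `openssl ciphers -v` style output and keeps only the suites the server can authenticate. The sample lines are constructed, `parse_auth` and `shared_ciphers` are hypothetical helper names, and certificate types are assumed to be named by their Au= label.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`.
CIPHERS_V = """\
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDH-RSA-NULL-SHA       SSLv3 Kx=ECDH/RSA Au=ECDH  Enc=None      Mac=SHA1
ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH  Enc=RC4(128)  Mac=SHA1
AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None  Enc=AES(128)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None  Enc=AES(128)  Mac=SHA1
"""

# The four suites the client in the thread offered.
OFFERED = ["ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA",
           "ECDH-RSA-NULL-SHA", "ECDH-RSA-RC4-SHA"]


def parse_auth(text):
    """Return {suite name: Au= value} for every parsable line."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+\S+\s+Kx=\S+\s+Au=(\S+)", line)
        if m:
            table[m.group(1)] = m.group(2)
    return table


def shared_ciphers(client_offer, server_enabled, server_cert_types, auth):
    """Suites, in client order, that the server enables and can authenticate.

    server_cert_types: Au= labels of the certificates the server has loaded
    (an empty set models `s_server -nocert`).
    """
    usable = []
    for name in client_offer:
        need = auth.get(name)
        if name not in server_enabled or need is None:
            continue  # not enabled on the server, or unknown suite
        # Au=None marks an anonymous (aNULL) suite: no certificate needed.
        if need == "None" or need in server_cert_types:
            usable.append(name)
    return usable


if __name__ == "__main__":
    auth = parse_auth(CIPHERS_V)
    # No certificate, certificate-based suites only: nothing is shared.
    print(shared_ciphers(OFFERED, set(auth), set(), auth))
    # Client also offers an anonymous suite and the server enables it.
    print(shared_ciphers(OFFERED + ["AECDH-AES128-SHA"], set(auth), set(), auth))
```

An empty result corresponds to the "no shared cipher" error in the question: the offered suites appear in the server's list, but none of them is usable without a certificate.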