Thank you for your reply. If I understand correctly, by specifying the 'nocert' option when starting s_server, I am limiting the cipher suites to those without certificates. Otherwise I need to create a certificate and cipher suites that require certificates won't work. Does OpenSSL support the TLS_ECDH_anon .. cipher suites?
Last question. (for now..and thank you) How can I generate an elliptic curve certificate? I tried a few things unsuccessfully to make a certificate, so some tips would really be appreciated.

Thank you,
Mike

--- On Sat, 8/22/09, Dr. Stephen Henson <st...@openssl.org> wrote:

> From: Dr. Stephen Henson <st...@openssl.org>
> Subject: Re: ECDHE help needed, please
> To: openssl-users@openssl.org
> Date: Saturday, August 22, 2009, 1:19 PM
> On Sat, Aug 22, 2009, Michael D wrote:
>
> > I am testing a custom TLS client I am writing for a night class.
> > I would like to use openssl s_server for the testbed, if that is possible.
> >
> > I am running openssl-1.0.0-stable-SNAP-20090821
> >
> > * I am running the command as follows:
> > openssl s_server -nocert
> >
> > It starts by saying:
> > Using default temp DH parameters
> > Using default temp ECDH parameters
> > ACCEPT
> >
> > * My client sends a client hello. I have openssl dump the server cipher
> > list and the list I sent.
> > Mine are shown as below:
> > 0x81f8390:ECDHE-ECDSA-AES128-SHA
> > 0x81f83c0:ECDHE-ECDSA-AES256-SHA
> > 0x81f83f0:ECDH-RSA-NULL-SHA
> > 0x81f8420:ECDH-RSA-RC4-SHA
> >
> > I end up with an error:
> > 3085114028:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1138:
> >
> > I see my cipher in the list! What am I doing wrong please.
> >
> > This is getting a tiny bit frustrating. Any help would be appreciated.
> >
>
> Those ciphersuites all require a certificate. If the client uses OpenSSL you
> have to explicitly enable anonymous ciphersuites using an appropriate cipher
> string for example "aNULL". If the client doesn't use OpenSSL then it may not
> support anonymous ciphersuites at all.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
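
The certificate requirement behind the "no shared cipher" error in this thread, as an added example that is not part of the original messages and not OpenSSL code: a simplified model of which offered suites a server can select given the certificate key types it holds. `AECDH-AES128-SHA` is OpenSSL's name for TLS_ECDH_anon_WITH_AES_128_CBC_SHA; the function names are hypothetical, and the model assumes the server's own cipher list already permits every offered suite.

```python
# Added illustration, not OpenSSL source. Covers pre-TLS 1.3 OpenSSL cipher
# names only, and assumes the server's cipher list permits every offered
# suite, so only certificate/key availability is checked.

ANON = ("ADH-", "AECDH-")                  # anonymous DH / ECDH: no certificate
SIGNED = {"RSA": "RSA", "ECDSA": "ECDSA", "DSS": "DSA"}
OUT_OF_SCOPE = ("PSK", "SRP", "KRB5", "EXP", "DH")   # families not modelled

def required_cert(name):
    """Key type the server certificate must hold, or None if anonymous."""
    if name.startswith(ANON):
        return None
    parts = name.split("-")
    if parts[0] in OUT_OF_SCOPE or name.startswith("TLS_"):
        raise ValueError("not modelled: " + name)
    if parts[0] in ("ECDHE", "DHE", "EDH"):
        # Ephemeral key exchange, signed with the certificate's key.
        if len(parts) < 2 or parts[1] not in SIGNED:
            raise ValueError("not modelled: " + name)
        return SIGNED[parts[1]]
    if parts[0] == "ECDH":
        # Fixed ECDH: the certificate itself carries the ECDH key.
        return "ECDH"
    return "RSA"                           # e.g. AES128-SHA: RSA key exchange

def negotiable(client_offer, server_cert_types):
    """Offered suites the server could select, in the client's order."""
    return [c for c in client_offer
            if required_cert(c) is None
            or required_cert(c) in server_cert_types]

# The client's cipher list as quoted in the thread.
OFFER = ["ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA",
         "ECDH-RSA-NULL-SHA", "ECDH-RSA-RC4-SHA"]

if __name__ == "__main__":
    cases = [
        ("-nocert, original offer", set(), OFFER),
        ("-nocert, offer plus AECDH", set(), OFFER + ["AECDH-AES128-SHA"]),
        ("ECDSA certificate loaded", {"ECDSA"}, OFFER),
    ]
    for label, certs, offer in cases:
        print(label, "->", negotiable(offer, certs) or "no shared cipher")
```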