Hi Patrick, Thanks for your response. FF 3.6.2 is sending TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA in it's client hello message. The command line OpenSSL client can be made to connect using this cipher suite. Any ideas?
Thanks, Alex On 8 July 2010 13:41, Eisenacher, Patrick <patrick.eisenac...@bdr.de> wrote: > Hi Alex, > > just check the list of ciphersuites that FF sends in its client hello > message and you'll see which ciphersuites FF supports. > > HTH, > Patrick Eisenacher > > -----Original Message----- > *From:* Alex Birkett > > Hi, > > Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher > suite. I've configured Open SSL (version 1.0.0.a) as a test server with > what I think is a suitable ECC key/certificate (attached) The keys were > created with the attached script. > > The server was started like this: > openssl s_server -cert > /home/alex/keys/ssltest/Certs/secp160r2TestServer.pem -cipher > ECDHE-ECDSA-AES256-SHA > > An open ssl client can be successfully connected like this: > openssl s_client -connect localhost:4433 > The client says the connection is established with > the ECDHE-ECDSA-AES256-SHA cipher > > When a connection with Firefox is attempted the server give a series of > errors like this: > > 140068746417832:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1216: > shutting down SSL > > Can anybody explain this? Could it be a bug in OpenSSL? > > -- Alex Birkett mBricks AS Fornebuveien 31, P.O. Box 69 NO-1324 Lysaker, NORWAY www.mbricks.no Follow us on Twitter: www.twitter.com/mBricksTeam