Hi, I've generated certificates based on the secp256r1 curve and a connection to the server can be established not only with FireFox, but also Internet Explorer and Chrome. It must be that secp160r2 is not supported by the browsers. Do you think it would be possible to add a more descriptive error message to OpenSSL?
Many thanks to everybody that replied to this thread. Your help has been really appreciated. Kind Regards, Alex On 8 July 2010 18:47, Michael S. Zick <[email protected]> wrote: > On Thu July 8 2010, Dirk Menstermann wrote: > > Hi, > > > > on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that > FF 2 does > > support only curves with 256, 384, and 521. Maybe this is the same for FF > 3 and > > your 160 bit curve is not supported. > > > > Try: about:config in your browser, page down to the security.* section. > I do not see any mention of 160 bit curves mentioned in my ff-3 install. > Although it might be there under a name I don't recognize. > > Mike > > > > Bye > > Dirk > > > > Alex Birkett wrote: > > > Hi, > > > > > > Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher > > > suite. I've configured Open SSL (version 1.0.0.a) as a test server > with > > > what I think is a suitable ECC key/certificate (attached) The keys were > > > created with the attached script. > > > > > > The server was started like this: > > > openssl s_server -cert > > > /home/alex/keys/ssltest/Certs/secp160r2TestServer.pem -cipher > > > ECDHE-ECDSA-AES256-SHA > > > > > > An open ssl client can be successfully connected like this: > > > openssl s_client -connect localhost:4433 > > > The client says the connection is established with > > > the ECDHE-ECDSA-AES256-SHA cipher > > > > > > When a connection with Firefox is attempted the server give a series of > > > errors like this: > > > > > > 140068746417832:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > > > shared cipher:s3_srvr.c:1216: > > > shutting down SSL > > > > > > Can anybody explain this? Could it be a bug in OpenSSL? > > > > > > Many Thanks, > > > > > > Kind Regards, > > > > > > Alex > > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [email protected] > > Automated List Manager [email protected] > > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] > -- Alex Birkett mBricks AS Fornebuveien 31, P.O. Box 69 NO-1324 Lysaker, NORWAY www.mbricks.no Follow us on Twitter: www.twitter.com/mBricksTeam
