On 10/8/10, daniel.war...@gdc4s.com <daniel.war...@gdc4s.com> wrote:
> Using 1.0.0a s_server and s_client I was able to get TLS server-only
> authentication, and client and server authentication, using ECDH
> certificates to work.
>
> Using 1.0.0a s_server and s_client I was not able to get DTLS to work.
> I found a comment in the code that says "For now, we do not support
> client authentication using ECDH certificates."
>
> Will OpenSSL add support for DTLS client authentication using ECDH
> certificates?
>
> Also, does anyone know why my DTLS EC server authentication failed?
>
> TLS EC Server Authentication
>
> openssl s_server -accept 9001 -cert certs/secp256r1TestServer.pem -key private/secp256r1TestServer.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
>
> openssl s_client -connect localhost:9001 -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
>
> Shared ciphers:ECDHE-ECDSA-AES256-SHA
> CIPHER is ECDHE-ECDSA-AES256-SHA
>
> TLS EC Client and Server Authentication
>
> openssl s_server -accept 9001 -cert certs/secp256r1TestServer.pem -key private/secp256r1TestServer.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
>
> openssl s_client -connect localhost:9001 -cert certs/secp256r1TestClient.pem -key private/secp256r1TestClient.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
>
> Shared ciphers:ECDHE-ECDSA-AES256-SHA
> CIPHER is ECDHE-ECDSA-AES256-SHA
>
> DTLS EC Server Authentication
>
> openssl s_server -dtls1 -accept 9001 -cert certs/secp256r1TestServer.pem -key private/secp256r1TestServer.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
>
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> ERROR
> 5932:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:s3_srvr.c:725:
> shutting down SSL
> CONNECTION CLOSED
>
> openssl s_client -dtls1 -connect localhost:9001 -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
>
> CONNECTED(00000003)
> 6092:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:963:SSL alert number 40
> 6092:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1153:
>
> Dan Warren
>

--
Sent from my mobile device
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org