> From: [email protected] On Behalf Of Odomae Bro
> Sent: Thursday, 01 December, 2011 16:17
> I would like to turn off certificates and use anonymous DH for
> a DTLS exchange. What flags do I use in the s_server and s_client
> programs?
> I set the -nocert flag in s_server, but I am getting the error
> " no cipher suite exchanged".
OpenSSL's default cipher "list" (really filter) has !aNULL, which
disables ADH and AECDH ciphersuites. In both s_server and s_client
you must use a -cipher string which enables at least one anonymous
ciphersuite. The simplest string is just ADH to enable all ADH-*
(note this includes the export-limited ones which aren't secure).
(In 0.9.8 you must also 'enable' ECCdraft to get *any* ECDH.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
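The cipher-string point in the reply above can be checked before starting either program. The following is an added example, not part of the original thread: it uses `openssl ciphers -v` to show which anonymous suites a cipher string expands to, then wraps the two invocations. It assumes `openssl` is on PATH; the `-dtls1` flag, port 4433 and the loopback address are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes `openssl` is on PATH.

# Print the names of the anonymous (unauthenticated) suites that a cipher
# string expands to. `openssl ciphers -v` marks these with Au=None.
anon_suites() {
    openssl ciphers -v "$1" 2>/dev/null | awk '/Au=None/ { print $1 }'
}

# Succeed only if the cipher string enables at least one anonymous suite.
has_anon() {
    [ -n "$(anon_suites "$1")" ]
}

# DTLS server without a certificate; it must offer an anonymous suite.
# Assumed values: -dtls1 and port 4433.
dtls_adh_server() {
    openssl s_server -dtls1 -nocert -cipher ADH -accept 4433
}

# Matching client; it needs the same -cipher string, otherwise the two
# sides share no suite and the handshake fails.
dtls_adh_client() {
    openssl s_client -dtls1 -cipher ADH -connect 127.0.0.1:4433
}

# Compare the default filter with the explicit ADH string.
for s in DEFAULT ADH; do
    if has_anon "$s"; then
        echo "$s: anonymous suites enabled"
    else
        echo "$s: no anonymous suites"
    fi
done
```

Anonymous suites authenticate neither peer, so `has_anon` is also usable as a configuration check that a production cipher string does not enable them.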