Hi Dave

Thanks for your reply. In the code for s_server and s_client, I manually
set cipher="aNULL" and I still get the same error.

One thing to note is:

I used the built-in s_server and s_client (command line) as follows and the
SSL connection is established.

openssl s_server -nocert -cipher aNULL
openssl s_client -cipher aNULL

However, when I add the dtls1 option, this fails, i.e.:

openssl s_server -nocert -cipher aNULL - dtls1
openssl s_client -cipher aNULL -dtls1

Any idea why anon DH won't work for DTLS?


On Thu, Dec 1, 2011 at 6:40 PM, Dave Thompson <dthomp...@prinpay.com> wrote:

> >       From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> >       Sent: Thursday, 01 December, 2011 16:17
>
> >       I would like to turn off certificates and use anonymous DH for
> > a DTLS exchange. What flags do I use in the s_server and s_client
> > programs?
>
> >       I set the -nocert flag in s_server, but I am getting the error
> > " no cipher suite exchanged".
>
> OpenSSL's default cipher "list" (really filter) has !aNULL, which
> disables ADH and AECDH ciphersuites. In both s_server and s_client
> you must use a -cipher string which enables at least one anonymous
> ciphersuite. The simplest string is just ADH to enable all ADH-*
> (note this includes the export-limited ones which aren't secure).
> (In 0.9.8 you must also 'enable' ECCdraft to get *any* ECDH.)
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
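
Added example (not part of the thread or of OpenSSL): a small shell helper that reads `openssl ciphers -v` output and separates anonymous suites (`Au=None`) from authenticated ones, flagging the export-limited anonymous suites that the quoted reply warns a bare `ADH` string also enables. The function names are hypothetical and the sample lines are constructed in the `openssl ciphers -v` column layout.

```shell
#!/bin/sh
# Classify `openssl ciphers -v` output read from stdin.
# Prints one line per anonymous suite, then a summary line.
audit_ciphers() {
    awk '
        NF < 4 { next }                       # skip blank lines and error text
        {
            anon = 0; weak = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "Au=None") anon = 1 # no peer authentication (ADH/AECDH)
                if ($i == "export")  weak = 1 # export-limited key/cipher strength
            }
            if (anon && weak) { print "ANON+EXPORT " $1; ax++ }
            else if (anon)    { print "ANON        " $1; a++ }
            else              { ok++ }
        }
        END {
            printf "summary anon=%d anon_export=%d authenticated=%d\n", a, ax, ok
        }
    '
}

# Constructed sample in the column layout printed by `openssl ciphers -v`.
sample_output() {
cat <<'EOF'
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)   Mac=SHA1 export
EXP-ADH-RC4-MD5         SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5  export
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
EOF
}

# Against a local build:  openssl ciphers -v 'ADH' | audit_ciphers
sample_output | audit_ciphers
```

Running it against the cipher string a service is actually configured with shows whether any `Au=None` suite survives the filter before that string is deployed.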
