Hello, Test connection works:
SERVER: # openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -cipher RC4-SHA -tls1 Using default temp DH parameters Using default temp ECDH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MFoCAQECAgMBBAIABQQABDCLRcpyQeyzVWraS2xLoieVLwRjHGz74LUjhba+gnYZ JrObUopzWYJc2tuSFoZlRsyhBgIET38dO6IEAgIcIKQGBAQBAAAAqwMEAQE= -----END SSL SESSION PARAMETERS----- Shared ciphers:RC4-SHA CIPHER is RC4-SHA Secure Renegotiation IS supported .... CLIENT: # openssl s_client -cipher RC4-SHA -tls1 .... New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA .... Best regards, -- Marek Marcola <marek.marc...@malkom.pl> owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM: > crk <c...@crook.de> > Sent by: owner-openssl-us...@openssl.org > > 04/06/2012 06:26 PM > > Please respond to > openssl-users@openssl.org > > To > > openssl-users@openssl.org > > cc > > Subject > > "no shared cipher" > > Hi, > > I am trying to establish an tls1 connection between a server and a > client, running in two threads. > > When doing the handshake the server gets the hello message and throws an > error: > error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > I am using on both sides SSL_CTX_set_cipher_list(ctx, "RC4-SHA"). > > To figure out the cipher string I used the following command: > openssl ciphers -tls1 "aRSA:AES:-kEDH:-ECDH:-SRP:-PSK:-NULL:-EXP:-MD5:-DES" > which gave me: > ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ECDH- > RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-RC4-SHA:AES256- > SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA > > Also the certs and private keys for server and client are set up. No > error here, I believe. > > What am I doing wrong? (see more here: http://paste.debian.net/162331/) > > Thanks so far, > aureliano =) > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org