Re: "no shared cipher"

Fri, 06 Apr 2012 09:48:17 -0700 

Hello,

Test connection works:

SERVER:
# openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem 
-cipher RC4-SHA -tls1
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFoCAQECAgMBBAIABQQABDCLRcpyQeyzVWraS2xLoieVLwRjHGz74LUjhba+gnYZ
JrObUopzWYJc2tuSFoZlRsyhBgIET38dO6IEAgIcIKQGBAQBAAAAqwMEAQE=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:RC4-SHA
CIPHER is RC4-SHA
Secure Renegotiation IS supported
....

CLIENT:
# openssl s_client -cipher RC4-SHA -tls1
....
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
....

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>


owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM:

> crk <c...@crook.de> 
> Sent by: owner-openssl-us...@openssl.org
> 
> 04/06/2012 06:26 PM
> 
> Please respond to
> openssl-users@openssl.org
> 
> To
> 
> openssl-users@openssl.org
> 
> cc
> 
> Subject
> 
> "no shared cipher"
> 
> Hi,
> 
> I am trying to establish an tls1 connection between a server and a
> client, running in two threads.
> 
> When doing the handshake the server gets the hello message and throws an
> error:
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> 
> I am using on both sides SSL_CTX_set_cipher_list(ctx, "RC4-SHA").
> 
> To figure out the cipher string I used the following command:
> openssl ciphers -tls1 
"aRSA:AES:-kEDH:-ECDH:-SRP:-PSK:-NULL:-EXP:-MD5:-DES"
> which gave me:
> 
ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ECDH-
> 
RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-RC4-SHA:AES256-
> SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA
> 
> Also the certs and private keys for server and client are set up. No
> error here, I believe.
> 
> What am I doing wrong? (see more here: http://paste.debian.net/162331/)
> 
> Thanks so far,
> aureliano =)
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to