This problem is related to an issue I have been experiencing with a piece of bespoke software I am writing that uses OpenSSL to terminate SSL/TLS connections, using non-blocking I/O.

Observations:
- My server's TLS handshake for cipher ECDHE-ECDSA-AES256-GCM-SHA384 fails.
- If I use ALL for my server cipher list and specify no cipher list for `openssl s_client`, `openssl s_client` successfully negotiates ECDH-ECDSA-AES256-SHA.
- `openssl s_client` is able to successfully negotiate ECDHE-ECDSA-AES256-GCM-SHA384 with `openssl s_server` and the same certificate, key, and CAfile.

Attached are outputs from `openssl s_client` as follows:
- debug.bad_handshake: connecting to my server with `openssl s_client -debug -key key/cli.key.pem -cert key/cli.crt.pem -CAfile key/trust.pem -cipher ECDHE-ECDSA-AES256-GCM-SHA384 -connect 127.0.0.1:4433`
- debug.good_handshake: connecting to my server with cipher list ALL on server and `openssl s_client -debug -key key/cli.key.pem -cert key/cli.crt.pem -CAfile key/trust.pem -connect 127.0.0.1:4433`
- debug.s_server_handshake:
  - server: `openssl s_server -debug -nbio -key key/key.pem -cert key/cert.pem -CAfile key/trust.pem -cipher ECDHE-ECDSA-AES256-GCM-SHA384`
  - client: `openssl s_client -debug -key key/cli.key.pem -cert key/cli.crt.pem -CAfile key/trust.pem -cipher ECDHE-ECDSA-AES256-GCM-SHA384 -connect 127.0.0.1:4433`

On the server side I get a dirty failure mode from SSL_get_error(), when using ECDHE-ECDSA-AES256-GCM-SHA384.

k

Attachments: debug.bad_handshake, debug.good_handshake, debug.s_server_handshake