I have; following is the relevant snippet:

    /* Resolve the curve's short name (ECDHE_CURVE) to a NID. */
    int nid = OBJ_sn2nid(ECDHE_CURVE);
    if (NID_undef == nid)
        goto err_obj_sn2nid;

    /* Create an EC key on that curve to serve as the ECDH temporary key. */
    EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid);
    if (NULL == ecdh)
        goto err_ec_key_new;

    /* Install the temporary ECDH parameters on the server context. */
    SSL_CTX_set_tmp_ecdh(tls_ctx, ecdh);

On Fri, Nov 9, 2012 at 5:32 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Fri, Nov 09, 2012, Karel Sedláček wrote:
>
>> This problem is related to an issue I have been experiencing with a
>> piece of bespoke software I am writing that uses OpenSSL to terminate
>> SSL/TLS connections, using non-blocking I/O.
>>
>> Observations:
>> - My server's TLS handshake for cipher ECDHE-ECDSA-AES256-GCM-SHA384 fails.
>> - If I use ALL for my server cipher list and specify no cipher list
>> for `openssl s_client`, `openssl s_client` successfully negotiates
>> ECDH-ECDSA-AES256-SHA.
>
> Have you set up appropriate ECDH temporary key parameters in the server?
> If no ECDH temporary parameters are set up then ECDHE ciphersuites are
> disabled by the server.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org