On Fri, Nov 09, 2012, Karel Sedl??ek wrote: > I have; following is the relevant snippet: > > int nid = OBJ_sn2nid(ECDHE_CURVE); > if (NID_undef == nid) > goto err_obj_sn2nid; > > EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid); > if (NULL == ecdh) > goto err_ec_key_new; > > SSL_CTX_set_tmp_ecdh(tls_ctx, ecdh); >
That should be OK as long as you're using a standard curve like P-256 (NID_X9_62_prime256v1) or P-384 (NID_secp384r1). Do you get any errors server side? Do you get any alerts visible when you add the -state option to s_client? Something like no shared cipher would be expected if the server had (for some reason) decided ECDHE was not usable. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org