On Fri, Nov 09, 2012, Karel Sedláček wrote:

> I was using secp521r1, but secp384r1 has the same behavior. Here is
> the output with -state:
>
> SSL_connect:error in SSLv2/v3 read server hello A
> 140735101956572:error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> failure:s23_clnt.c:741:

Hmmm... without a server error message it isn't possible to be sure but I'd guess it is complaining about no shared ciphers. That shouldn't happen unless you've got some custom way of adding the necessary algorithms instead or you've changed the default cipherstring.

OK there are three components that might be failing, GCM, EECDH and SHA384. I'd suggest seeing if you can connect with ciphersuites that don't use all of them to see which part is causing the problem. For example:

ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA384
ECDH-ECDSA-AES256-GCM-SHA384

With the server cipherstring as the default in each case.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
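
The elimination test suggested in the reply above, as an added example that is not part of the original message: it tries each of the three suites once with `openssl s_client` and reports which of GCM, EECDH or SHA384 is used by every failing suite and by no working one. `HOST`, `PORT` and the function names are assumptions for illustration, and the logic assumes only one component is at fault.

```sh
# Added example, not from the thread. HOST and PORT are assumed values for a
# test server that was started with its default cipherstring.
HOST=${HOST:-localhost}
PORT=${PORT:-4433}

# The three suites from the message above.
SUITES="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384 ECDH-ECDSA-AES256-GCM-SHA384"

# try_suite SUITE: succeed only if the handshake ends with SUITE negotiated.
# -tls1_2 is used because the GCM and SHA384 suites exist only in TLS 1.2.
try_suite() {
    openssl s_client -connect "$HOST:$PORT" -tls1_2 -cipher "$1" \
        </dev/null 2>/dev/null | grep -q "Cipher is $1"
}

# uses SUITE COMPONENT: true if the suite name contains that component.
uses() {
    case "$2:$1" in
        EECDH:ECDHE-*|GCM:*-GCM-*|SHA384:*-SHA384) return 0 ;;
    esac
    return 1
}

# suspects: probe every suite once, then print each component that is used by
# all failing suites and by no succeeding suite. Prints nothing when the
# outcomes do not single out one component.
suspects() {
    failed=""
    for s in $SUITES; do
        if try_suite "$s"; then
            echo "ok    $s" >&2
        else
            echo "FAIL  $s" >&2
            failed="$failed $s "
        fi
    done
    [ -n "$failed" ] || return 0
    for comp in GCM EECDH SHA384; do
        match=1
        for s in $SUITES; do
            case "$failed" in *" $s "*) bad=1 ;; *) bad=0 ;; esac
            if uses "$s" "$comp"; then used=1; else used=0; fi
            [ "$used" = "$bad" ] || match=0
        done
        [ "$match" = 0 ] || echo "$comp"
    done
}

# Probe the server only when asked to: sh isolate.sh run
if [ "${1:-}" = run ]; then suspects; fi
```

If all three suites fail, or all three succeed, no single component explains the result and the script prints no suspect; the server's own error message is then the next thing to look at.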