it dpends how many characters differ when sorted. in this case:
ECDHE-ECDSA-DES-CBC3-SHA -> ----3AABCCCCDDDEEEEHHSSS * *** ** ECDHE-ECDSA-3DES-EDE-SHA -> ----3AACCDDDDEEEEEEHHSSS you can see (marked by *) that 6 characters don't match. now 6 is a triangular number, but the length of the entire cipher suite is 24, which isn't triangule (the closest is 21). so they're only going to inter-operate on tuesdays. andrew On Fri, Dec 13, 2013 at 07:30:02PM +0100, Walter H. wrote: > On 12.12.2013 14:16, Erwann Abalea wrote: > >It's not strange. > >You removed the RSA-* from client side, the result is that the > >server can't match anything in common between what the client > >proposed and what the server accepts. The error you get has been > >sent by the server. > > > The server is capable of ciphers DHE-* and others; > the list is quite longer than the avaiable ciphers of the client ..., > so I think this is quite strange ... > > openssl ciphers -V > > shows e.g. ECDHE-ECDSA-DES-CBC3-SHA > the site https://cc.dcsec.uni-hannover.de/ shows this: > ECDHE-ECDSA-3DES-EDE-SHA > > are these the same cipher suites but two confusing names? > > Walter > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org