On Tue, Mar 04, 2014 at 10:03:54AM -0500, Jeffrey Walton wrote:
> > What is in the (non-extended) keyUsage extension of the certificate?
> > IIRC with EC, if the keyUsage extension is present, the certificate
> > needs to be marked usable for keyAgreement. From ssl/ssl_lib.c:
> >
> > ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
> > (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
> >
> > and right below that:
> >
> > ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
> > (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
> >
> > so you need at least both of digitalSignature and keyAgreement:
> >
> > https://www.openssl.org/docs/apps/x509v3_config.html#Key_Usage_
> >
> > or don't include the extension at all.
>
> The server's Key Usage is Digital Signature, Key Encipherment, Key
> Agreement. None of them are critical.
That should be sufficient. The next couple of lines in ssl_lib.c are:
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
ecdsa_ok = 0;
I am not familiar with the circumstances under which this might be false.
> Let me try adding a EKU of serverAuth to see if that helps.
Does the TLS client actually offer any ECDSA ciphers? It needs to
negotiate TLSv1 or higher to send a TLS extensions with a list of
supported curves.
You should check the content of the client SSL HELLO with wireshark
or similar.
Does the certificate/private key combination in question work with
"openssl s_server" as the server?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
