On Tue, Mar 04, 2014, Jeffrey Walton wrote:

> On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> > On Tue, Mar 04, 2014, Jeffrey Walton wrote:
> >
> >> On Tue, Mar 4, 2014 at 9:02 AM, Viktor Dukhovni
> >> <openssl-us...@dukhovni.org> wrote:
> >> > On Tue, Mar 04, 2014 at 06:35:13AM -0500, Jeffrey Walton wrote:
> >> >
> >> >> I've got a server that can't negotiate a cipher suite with a client
> >> >> when using ECDSA certificates. When using ECDSA, the server reports
> >> >> 0x1408a0c1 (no shared cipher).
> >> >
> >> > Did you configure an EECDH (aka ECDHE) curve? With OpenSSL 1.0.[01],
> >> > the more common ECDSA cipher-suites use kEECDH key agreement.
> >>
> >> Yes. The server's preferred cipher list is:
> >>
> >> static const char PREFERRED_CIPHERS[] =
> >>     "ECDHE-ECDSA-AES256-GCM-SHA384:"
> >>     "ECDHE-ECDSA-AES128-GCM-SHA256:"
> >>     "ECDHE-RSA-AES256-GCM-SHA384:"
> >>     "ECDHE-RSA-AES128-GCM-SHA256:"
> >>     "DHE-RSA-AES256-GCM-SHA384:"
> >>     "DHE-RSA-AES128-GCM-SHA256:"
> >>     "DHE-RSA-AES256-SHA:"
> >>     "DHE-RSA-AES128-SHA:"
> >>     "EDH-RSA-DES-CBC3-SHA:"
> >>     "DH-RSA-DES-CBC3-SHA";
> >>
> >
> > Silly question time. Viktor asked if you'd set an ECDHE curve and you
> > responded saying yes and a list of ciphersuites which by themselves don't
> > set a curve.
> >
> > So just to double check: you did set temporary curve parameters using
> > something like SSL_CTX_set_tmp_ecdh?
>
> This is in the server's context setup code:
>
> SSL_CTX_set_tmp_dh_callback(ctx, DH_callback);
> SSL_CTX_set_tmp_ecdh_callback(ctx, ECDH_callback);
>
> And:
>
> EC_KEY* ECDH_callback(SSL *ssl, int is_export, int keylength)
> {
>     return ECDH256();
> }
>
> Finally:
>
> static EC_KEY* ECDH256()
> {
>     EC_KEY* key = EC_KEY_new_by_curve_name(NistCurveToNidByBits(256));
>     unsigned long err = ERR_get_error();
>     ...
>
>     return key;
> }
>
> NistCurveToNidByBits(256) returns NID_X9_62_prime256v1. I also tried
> returning NID_secp256k1 with the same result.
>
> I'm setting up Wireshark now on another machine to get the trace.
>
Can you check to see if ECDH_callback is being called at all? I suspect it isn't.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
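Added example, not code from OpenSSL or from anyone in the thread: a small C model of the eligibility check behind Viktor's and Steve's questions. It walks the poster's PREFERRED_CIPHERS list and counts the suites a server could actually offer given its certificate type and whether temporary DH/ECDH parameters are configured; the server_state struct and both functions are hypothetical, and OpenSSL's real selection logic is more involved.

```c
/* Added example for this thread (not OpenSSL's or the poster's code): a
 * simplified model of why a server ends up with "no shared cipher". A suite is
 * usable only if the server has the matching certificate type and, for
 * ephemeral suites, temporary DH/ECDH parameters. Names are hypothetical. */
#include <stdbool.h>
#include <string.h>

struct server_state {          /* hypothetical; mirrors SSL_CTX configuration */
    bool has_rsa_cert;         /* RSA certificate loaded */
    bool has_ecdsa_cert;       /* ECDSA certificate loaded */
    bool tmp_dh_set;           /* SSL_CTX_set_tmp_dh or DH callback configured */
    bool tmp_ecdh_set;         /* SSL_CTX_set_tmp_ecdh or ECDH callback configured */
};

/* Can the server complete a handshake with this suite name? */
static bool suite_usable(const char *name, const struct server_state *s)
{
    if (strncmp(name, "ECDHE-ECDSA-", 12) == 0)
        return s->has_ecdsa_cert && s->tmp_ecdh_set;
    if (strncmp(name, "ECDHE-RSA-", 10) == 0)
        return s->has_rsa_cert && s->tmp_ecdh_set;
    if (strncmp(name, "DHE-RSA-", 8) == 0 || strncmp(name, "EDH-RSA-", 8) == 0)
        return s->has_rsa_cert && s->tmp_dh_set;
    return false; /* static DH-RSA needs a DH certificate; not modelled here */
}

/* Count the suites the server could offer from a colon-separated cipher list. */
int count_usable_suites(const char *cipher_list, const struct server_state *s)
{
    char buf[512];
    int usable = 0;
    strncpy(buf, cipher_list, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, ":"); tok != NULL; tok = strtok(NULL, ":"))
        if (suite_usable(tok, s))
            usable++;
    return usable;
}

/* The poster's list, copied from the thread. */
const char PREFERRED_CIPHERS[] =
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
    "EDH-RSA-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA";
```

With an ECDSA-only certificate and no temporary ECDH curve, every entry in the list is unusable, which is exactly the situation Steve suspects; configuring the curve makes the two ECDHE-ECDSA suites available.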