Re: Server ECDSA certificate requirements for 1.0.1f?

Tue, 04 Mar 2014 08:51:11 -0800 

On Tue, Mar 04, 2014, Jeffrey Walton wrote:

> On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> > On Tue, Mar 04, 2014, Jeffrey Walton wrote:
> >
> >> On Tue, Mar 4, 2014 at 9:02 AM, Viktor Dukhovni
> >> <openssl-us...@dukhovni.org> wrote:
> >> > On Tue, Mar 04, 2014 at 06:35:13AM -0500, Jeffrey Walton wrote:
> >> >
> >> >> I've got a server that can't negotiate a cipher suite with a client
> >> >> when using ECDSA certificates. When using ECDSA, the server reports
> >> >> 0x1408a0c1 (no shared cipher).
> >> >
> >> > Did you configure an EECDH (aka ECDHE) curve?  With OpenSSL 1.0.[01],
> >> > the more common ECDSA cipher-suites use kEECDH key agreement.
> >> Yes. The server's preferred cipher list is:
> >>
> >> static const char PREFERRED_CIPHERS[] =
> >>     "ECDHE-ECDSA-AES256-GCM-SHA384:"
> >>     "ECDHE-ECDSA-AES128-GCM-SHA256:"
> >>     "ECDHE-RSA-AES256-GCM-SHA384:"
> >>     "ECDHE-RSA-AES128-GCM-SHA256:"
> >>     "DHE-RSA-AES256-GCM-SHA384:"
> >>     "DHE-RSA-AES128-GCM-SHA256:"
> >>     "DHE-RSA-AES256-SHA:"
> >>     "DHE-RSA-AES128-SHA:"
> >>     "EDH-RSA-DES-CBC3-SHA:"
> >>     "DH-RSA-DES-CBC3-SHA";
> >>
> >
> > Silly question time . Viktor asked if you'd set an ECDHE curve and you
> > responded saying yes and a list of ciphersuites which by themselves don't
> > set a curve.
> >
> > So just to double check: you did set a temporary curve parameters using
> > something like SSL_CTX_set_tmp_ecdh?
> 
> This is in the server's context setup code:
> 
>     SSL_CTX_set_tmp_dh_callback(ctx, DH_callback);
>     SSL_CTX_set_tmp_ecdh_callback(ctx, ECDH_callback);
> 
> And:
> 
>   EC_KEY* ECDH_callback(SSL *ssl, int is_export, int keylength)
>   {
>     return ECDH256();
>   }
> 
> Finally:
> 
>   static EC_KEY* ECDH256()
>   {
>     EC_KEY* key = EC_KEY_new_by_curve_name(NistCurveToNidByBits(256));
>     unsigned long err = ERR_get_error();
>     ...
> 
>     return key;
>   }
> 
> NistCurveToNidByBits(256) returns NID_X9_62_prime256v1. I also tried
> returning NID_secp256k1 with the same result.
> 
> I'm setting up Wireshark now on another machine to get the trace.
> 

Can you check to see if ECDH_callback is being called at all? I suspect it
isn't.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to