On Tue, Mar 4, 2014 at 11:46 AM, Dr. Stephen Henson <[email protected]> wrote:
> On Tue, Mar 04, 2014, Jeffrey Walton wrote:
>
>> On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson <[email protected]>
>> wrote:
>> > On Tue, Mar 04, 2014, Jeffrey Walton wrote:
>> >
>> >> On Tue, Mar 4, 2014 at 9:02 AM, Viktor Dukhovni
>> >> <[email protected]> wrote:
>> >> > On Tue, Mar 04, 2014 at 06:35:13AM -0500, Jeffrey Walton wrote:
>> >> >
>> >> >> I've got a server that can't negotiate a cipher suite with a client
>> >> >> when using ECDSA certificates. When using ECDSA, the server reports
>> >> >> 0x1408a0c1 (no shared cipher).
>> >> >
>> >> > Did you configure an EECDH (aka ECDHE) curve? With OpenSSL 1.0.[01],
>> >> > the more common ECDSA cipher-suites use kEECDH key agreement.
>> >> Yes. The server's preferred cipher list is:
>> >>
>> >> static const char PREFERRED_CIPHERS[] =
>> >> "ECDHE-ECDSA-AES256-GCM-SHA384:"
>> >> "ECDHE-ECDSA-AES128-GCM-SHA256:"
>> >> "ECDHE-RSA-AES256-GCM-SHA384:"
>> >> "ECDHE-RSA-AES128-GCM-SHA256:"
>> >> "DHE-RSA-AES256-GCM-SHA384:"
>> >> "DHE-RSA-AES128-GCM-SHA256:"
>> >> "DHE-RSA-AES256-SHA:"
>> >> "DHE-RSA-AES128-SHA:"
>> >> "EDH-RSA-DES-CBC3-SHA:"
>> >> "DH-RSA-DES-CBC3-SHA";
>> >>
>> >
>> > Silly question time . Viktor asked if you'd set an ECDHE curve and you
>> > responded saying yes and a list of ciphersuites which by themselves don't
>> > set a curve.
>> >
>> > So just to double check: you did set a temporary curve parameters using
>> > something like SSL_CTX_set_tmp_ecdh?
>>
>> This is in the server's context setup code:
>>
>> SSL_CTX_set_tmp_dh_callback(ctx, DH_callback);
>> SSL_CTX_set_tmp_ecdh_callback(ctx, ECDH_callback);
>>
>> And:
>>
>> EC_KEY* ECDH_callback(SSL *ssl, int is_export, int keylength)
>> {
>> return ECDH256();
>> }
>>
>> Finally:
>>
>> static EC_KEY* ECDH256()
>> {
>> EC_KEY* key = EC_KEY_new_by_curve_name(NistCurveToNidByBits(256));
>> unsigned long err = ERR_get_error();
>> ...
>>
>> return key;
>> }
>>
>> NistCurveToNidByBits(256) returns NID_X9_62_prime256v1. I also tried
>> returning NID_secp256k1 with the same result.
>>
>> I'm setting up Wireshark now on another machine to get the trace.
>>
>
> Can you check to see if ECDH_callback is being called at all? I suspect it
> isn't.
Going back to my config notes:
# Open "Configure", change '-O3' to '-Os'
# Open "Configure", add '-g3' to target "linux-x86_64"
./config fips shared no-ssl2 no-ec2m enable-ec_nistp_64_gcc_128
no-srp no-psk
openssl-fips-ecp-2.0.5.tar.gz is the underlying fips tar ball.
Do any of the config options set off alarm bells? (I'm getting ready
to try a build using -O3).
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
