On Tue, Mar 4, 2014 at 6:35 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> I've got a server that can't negotiate a cipher suite with a client
> when using ECDSA certificates. When using ECDSA, the server reports
> 0x1408a0c1 (no shared cipher).
>
> The same server can consume RSA and DSA certificates. (In fact, all
> the public key and certificate routines are generic and only differ by
> EVP key type, so the same routines produced the RSA, DSA and ECDSA
> keys and certs).
>
> The ECDSA CA and Server certs are built using P-256 (specifically,
> NID_X9_62_prime256v1) and SHA-256.

Here's a test set of keys and certs:
http://wiki.openssl.org/index.php/file:ecdsa-keys-and-certs.tar.gz.
The files are PEM-encoded and described below:

* signing-ecdsa-cert.pem - the CA cert
* signing-ecdsa-key-plain.pem - the CA key, no password
* server-ecdsa-cert.pem - the server cert
* server-ecdsa-key-plain.pem - the server key, no password

The server has two SANs and one is 'localhost', so it should be testable.

Sorry to put it on the OpenSSL wiki. I'm not up on file sharing sites,
and I don't know where to go to avoid porn and malware.

Jeff