On Thu, Jun 26, 2014 at 09:30:49AM -0400, Jeffrey Walton wrote:
> > 1. ECDHE-ECDSA-AES128-GCM-SHA256
> >
> > 2. ECDHE-RSA-AES128-GCM-SHA256
> >
> > 3. DHE-RSA-AES128-GCM-SHA256
>
> The server needs an ECDSA key and certifcate to provide ECDSA. Its not
> clear if you have it.
Only for "1".
> I'm not sure why ECDHE-RSA-AES128-GCM-SHA256 is not selected.
Typically, no ECDH parameters set with SSL_CTX_set_tmp_ecdh().
Given RedHat and others shipping only P-256 and P-384, the most
interoperable choice is to use one of these two.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
