Using 1.0.0a s_server and s_client, I was able to get TLS server-only
authentication, and client and server authentication, using ECDH
certificates to work.
Using 1.0.0a s_server and s_client, I was not able to get DTLS to work.
I found a comment in the code that says: "For now, we do not support
client authentication using ECDH certificates."
Will OpenSSL add support for DTLS client authentication using ECDH
certificates?
Also, does anyone know why my DTLS EC server authentication failed?

TLS EC Server Authentication
openssl s_server -accept 9001 -cert certs/secp256r1TestServer.pem -key private/secp256r1TestServer.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
openssl s_client -connect localhost:9001 -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
Shared ciphers:ECDHE-ECDSA-AES256-SHA
CIPHER is ECDHE-ECDSA-AES256-SHA

TLS EC Client and Server Authentication
openssl s_server -accept 9001 -cert certs/secp256r1TestServer.pem -key private/secp256r1TestServer.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
openssl s_client -connect localhost:9001 -cert certs/secp256r1TestClient.pem -key private/secp256r1TestClient.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
Shared ciphers:ECDHE-ECDSA-AES256-SHA
CIPHER is ECDHE-ECDSA-AES256-SHA

DTLS EC Server Authentication
openssl s_server -dtls1 -accept 9001 -cert certs/secp256r1TestServer.pem -key private/secp256r1TestServer.key -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
5932:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:s3_srvr.c:725:
shutting down SSL
CONNECTION CLOSED

openssl s_client -dtls1 -connect localhost:9001 -CAfile ./ca-certs/secp256r1TestCA.pem -cipher ECDHE-ECDSA-AES256-SHA
CONNECTED(00000003)
6092:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:963:SSL alert number 40
6092:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1153:

Dan Warren
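The DTLS transcript above carries the whole diagnosis in its error lines: the server raised an internal error inside SSL3_GET_CLIENT_HELLO (reason code 0x044 = 68, ERR_R_INTERNAL_ERROR) and then sent the client a handshake_failure alert, which the client reports as "SSL alert number 40" with reason code 0x410 = 1040 (1000 + alert 40). The following Python is an added example, not code from the post or from OpenSSL, that decodes 1.0.x-style `pid:error:CODE:lib:func:reason:file:line:extra` lines into their packed fields so that s_client/s_server output can be triaged by script. The packed layout (8-bit library, 12-bit function, 12-bit reason) and the constants ERR_LIB_SSL = 20, ERR_R_INTERNAL_ERROR = 68 and SSL_AD_REASON_OFFSET = 1000 are taken from the OpenSSL 1.0.x headers; OpenSSL 3.x dropped the function field, so the split does not apply to 3.x logs. The sample logs are the post's own output with the wrapped lines rejoined.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Field layout of a packed OpenSSL 1.0.x error code, ERR_PACK(lib, func, reason):
#   bits 31..24 = library, bits 23..12 = function, bits 11..0 = reason.
# (OpenSSL 3.x dropped the function field, so this split applies to 1.x logs.)
ERR_LIB_SSL = 20             # the "SSL routines" library
ERR_R_INTERNAL_ERROR = 68    # library-independent reason, "internal error"
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 carry a received TLS alert

# TLS alert descriptions from RFC 5246, section 7.2.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 30: "decompression_failure",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
    100: "no_renegotiation", 110: "unsupported_extension",
}

# pid:error:CODE:lib:func:reason:file:line:extra  (the s_client/s_server format)
LINE_RE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d*):(?P<extra>.*)$"
)


@dataclass
class OpenSSLError:
    pid: int
    code: int
    lib: int
    func: int
    reason: int
    lib_name: str
    func_name: str
    reason_text: str
    file: str
    line: int
    alert: Optional[int]      # alert description received from the peer, if any

    @property
    def alert_name(self) -> Optional[str]:
        if self.alert is None:
            return None
        return TLS_ALERTS.get(self.alert, "unknown_alert_%d" % self.alert)

    @property
    def is_internal_error(self) -> bool:
        return self.reason == ERR_R_INTERNAL_ERROR


def parse_error_line(text: str) -> Optional[OpenSSLError]:
    """Decode one OpenSSL error line; return None for non-error lines."""
    m = LINE_RE.match(text.strip())
    if not m:
        return None
    code = int(m["code"], 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    # Cross-check against the trailing "SSL alert number N" text when present.
    am = re.search(r"SSL alert number (\d+)", m["extra"])
    if am:
        stated = int(am.group(1))
        if alert is None:
            alert = stated
        elif alert != stated:
            raise ValueError("alert code %d does not match text %d" % (alert, stated))
    return OpenSSLError(
        pid=int(m["pid"]), code=code, lib=lib, func=func, reason=reason,
        lib_name=m["lib"], func_name=m["func"], reason_text=m["reason"],
        file=m["file"], line=int(m["line"]) if m["line"] else 0, alert=alert,
    )


def parse_log(log: str) -> List[OpenSSLError]:
    return [e for e in map(parse_error_line, log.splitlines()) if e is not None]


def peer_alerts(log: str) -> List[str]:
    """Names of the alerts the peer sent, in order: the quickest triage signal."""
    return [e.alert_name for e in parse_log(log) if e.alert is not None]


# Constructed sample input: the DTLS output from the post, wrapped lines rejoined.
SERVER_LOG = "5932:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:s3_srvr.c:725:"
CLIENT_LOG = """CONNECTED(00000003)
6092:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:963:SSL alert number 40
6092:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1153:"""

if __name__ == "__main__":
    for e in parse_log(SERVER_LOG) + parse_log(CLIENT_LOG):
        print("%s lib=%d func=%d reason=%d alert=%s internal=%s"
              % (e.func_name, e.lib, e.func, e.reason, e.alert_name, e.is_internal_error))
```

Reading the two sides together is the point: the client-side alert only says that the peer refused the handshake, while the server-side line says where it gave up (the ClientHello processing, before any certificate was involved), which narrows the question to the server's DTLS handling of the requested cipher rather than to the EC certificates, which the TLS runs above already proved usable.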