Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
This problem is related to an issue I have been experiencing with a piece of bespoke software I am writing that uses OpenSSL to terminate SSL/TLS connections, using non-blocking I/O. Observations: - My server's TLS handshake for cipher ECDHE-ECDSA-AES256-GCM-SHA384 fails. - If I use ALL for my ser

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Dr. Stephen Henson
On Fri, Nov 09, 2012, Karel Sedl??ek wrote: > This problem is related to an issue I have been experiencing with a > piece of bespoke software I am writing that uses OpenSSL to terminate > SSL/TLS connections, using non-blocking I/O. > > Observations: > - My server's TLS handshake for cipher ECDHE

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
I have; following is the relevant snippet: int nid = OBJ_sn2nid(ECDHE_CURVE); if (NID_undef == nid) goto err_obj_sn2nid; EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid); if (NULL == ecdh) goto err_ec_key_new; SSL_CTX_set_tmp_ecdh(tls_ctx, ecdh); On Fri, Nov 9, 2012 at 5:32 PM, Dr

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Dr. Stephen Henson
On Fri, Nov 09, 2012, Karel Sedl??ek wrote: > I have; following is the relevant snippet: > > int nid = OBJ_sn2nid(ECDHE_CURVE); > if (NID_undef == nid) > goto err_obj_sn2nid; > > EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid); > if (NULL == ecdh) > goto err_ec_key_new; > > SSL_C

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
I was using secp521r1, but secp384r1 has the same behavior. Here is the output with -state: CONNECTED(0003) SSL_connect:before/connect initialization write to 0x7fe008426dd0 [0x7fe008810800] (165 bytes => 165 (0xA5)) - 16 03 01 00 a0 01 00 00-9c 03 03 50 9d 3f 85 bf ...P.?.. 001

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Dr. Stephen Henson
On Fri, Nov 09, 2012, Karel Sedl??ek wrote: > I was using secp521r1, but secp384r1 has the same behavior. Here is > the output with -state: > > SSL_connect:error in SSLv2/v3 read server hello A > 140735101956572:error:14077410:SSL > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
Just discovered the culprit. I had configured the server using TLSv1_server_method(), going from and assuming TLSv1 encompasses v1.{1,2}. Stumbled on this by chance by experimenting with forcing TLSv1.2 (of which the desired cipher suite is a part)

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2013-06-07 Thread mehroz
Hi, Could you help where do i need to change the method from TLSv1_2_server_method() to SSLv23_server_method() . Which files(s) need to be addresses? -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html Sent

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2013-06-27 Thread Karel Sedláček
) . Which files(s) need to > be addresses? > > > > -- > View this message in context: > http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html > Sent from the OpenSSL