> Yes, Auto is fine for clients, EC is only used if the server cipher suite
> requests it and is otherwise ignored.
>
> Auto only actually works with OpenSSL 1.0.2 and later, otherwise falls back
> to
> sslECDH_P256, but the rule now seems to be use the absolute latest OpenSSL
> for all
> the lat
> I can leave it always set to auto, right
Yes, Auto is fine for clients, EC is only used if the server cipher suite
requests
it and is otherwise ignored.
Auto only actually works with OpenSSL 1.0.2 and later, otherwise falls back to
sslECDH_P256, but the rule now seems to be use the absolute
>
> Again the HTTPS sample works fine, make sure you have set SslECDHMethod to
> sslECDHAuto.
Yep. That was it! Thanks again.
One more question... I can leave it always set to auto, right? This should
make the component connect successfully to more servers rather than less,
correct?
Thanks,
Al
> Here's another issue... I can't open this URL either (with v8.18):
> https://cert-test.sandbox.google.com
Again the HTTPS sample works fine, make sure you have set SslECDHMethod to
sslECDHAuto.
Angus
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.
Angus,
Here's another issue... I can't open this URL either (with v8.18):
https://cert-test.sandbox.google.com
I get:
SslHandshakeErrCode> 1049 (0 if no error)
SslHandshakeRespMsg> error:14077419:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert access denied
Should I be concerned?
More info:
ht
> I would assume "Elliptic Curves encryption" is enabled by default.
No, but since sites now seem to be defaulting to using EC I'll change the
default
for SslECDHMethod to sslECDHAuto.
I also need to improve EC to handle other curves, but that is a little harder.
> Yeah! Upgrading to 8.18 s
> I'll try upgrading to 8.18 and report back.
Yeah! Upgrading to 8.18 seems to have fixed it. Pretty sure I was using 8.16
before.
Thanks,
Albert
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our
> https://www.ssllabs.com/ssltest/
>
> This tests the certificate and protocols supported by the server, and gives
> lots of clues as to what is wrong.
Angus,
Thanks for the above link and for your feedback and testing.
> But it could also be you have disabled Elliptic Curves encryption which
> Or maybe you have not supplied a DHParams file
Sorry, brain fade, you only need a DHParams file for servers to support DH, and
ECDH
protocols, not clients.
Angus
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/t
> Does anyone know why this URL won't open/load:
> https://www.dietarysupplements.club/
>
> I get this (I'm not sure what it means):
> SslHandshakeErrCode> 1080 (0 if no error)
> SslHandshakeRespMsg> error:14077438:SSL
> routines:SSL23_GET_SERVER_HELLO:tlsv1
> alert internal error
That URL displ
10 matches
Mail list logo
