2013/8/7 Carter Browne <[email protected]>:
> I'm using stunnel 4.56 on Windows 7. When I use the following cipher list:
>
> ciphers = ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
>
> to establish a connection, I get a "no shared cipher" response.
>
> The following set of ciphers does work:
>
> ciphers = ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
>
> Other relevant settings:
>
> options = NO_SSLv2
> sslVersion = all
> fips = no
> verify = 2
>
> If I take out the first ECDHE-RSA-AES256-SHA cipher from the list, the
> ECDHE-RSA-AES128-SHA cipher is selected.
>
> What am I doing wrong?

To be able to use any of the ECDSA cipher suites you obviously must have an ECDSA certificate. If you have only an RSA certificate you cannot use any ECDSA cipher suites. As far as I know no CA will sell you an ECDSA certificate currently. Unless you run your own CA you must use RSA to achieve any compatibility.

--
Janusz Dziemidowicz
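
The relationship described in the reply above, as an added example that is not part of the original thread: it filters the two `ciphers` lists from the question by the key type in the server certificate. The function names are hypothetical, and it assumes a single server certificate and a peer that accepts every suite in the list.

```python
# Added example: filter an stunnel "ciphers" list by the server certificate's key type.

# Public-key type the server certificate must contain, keyed by the
# (key exchange, authentication) prefix of the OpenSSL suite name.
REQUIRED_KEY = {
    ("ECDHE", "ECDSA"): "EC",   # ephemeral ECDH, handshake signed with an ECDSA key
    ("ECDHE", "RSA"): "RSA",    # ephemeral ECDH, handshake signed with an RSA key
    ("ECDH", "ECDSA"): "EC",    # static ECDH: the certificate itself holds the EC key
    ("ECDH", "RSA"): "EC",      # static ECDH: EC key in a certificate signed with RSA
}

def required_key(suite):
    """Return the certificate key type ('EC' or 'RSA') a suite needs."""
    kx, _, rest = suite.partition("-")
    auth = rest.split("-", 1)[0]
    try:
        return REQUIRED_KEY[(kx, auth)]
    except KeyError:
        raise ValueError("suite not covered by this example: " + suite)

def usable_suites(ciphers, cert_key_type):
    """Suites from a colon-separated list that the certificate can serve, in list order."""
    return [s for s in ciphers.split(":") if required_key(s) == cert_key_type]

# The two lists from the question above.
FAILING = ("ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:"
           "ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA")
WORKING = ("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:"
           "ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
           "ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA")

if __name__ == "__main__":
    for name, ciphers in (("first list", FAILING), ("second list", WORKING)):
        usable = usable_suites(ciphers, "RSA")
        print(name, "with an RSA certificate:", usable or "no shared cipher")
    # Without its leading ECDHE-RSA-AES256-SHA, only one RSA-usable suite remains.
    trimmed = WORKING.split(":", 1)[1]
    print("second list minus its first entry:", usable_suites(trimmed, "RSA"))
```

With an RSA certificate the static `ECDH-RSA-*` suites are also excluded, because they need an EC key in the certificate; that is why `ECDHE-RSA-AES128-SHA` is the next suite selected once `ECDHE-RSA-AES256-SHA` is removed.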
