On Sunday 05 February 2017 17:05:40 Andreas Bartelt wrote: > > - What type of public certificate are you using (RSA or ECDSA)? > > ECDSA with P-256. Certificate signed by letsencrypt (via RSA). > Must-staple is enabled - that's why I'm also using the ocsp line for > testing.
Ah, this was the missing piece of information. In order to use ECDSA the client must support the curve used for the server certificate, otherwise when the server signs the server key exchange, the client will not be able to verify the signature. In the case where you announce that the client only supports P-384, any ECDSA ciphers are considered to be invalid for this session, effectively resulting in no shared ciphers and the handshake failure alert. In order for this configuration to work you need to include P-256 in the client supported groups. Specifying groups as "P-384:P-256" should still get you P-384, depending on the server configuration and whether the preference for a curve is based on the client or server preference (for libtls and hence httpd, it will be server preference).
