Hello,
I'm a newbie in openssl... I try to create a simple ssl client using
jsse and a simple ssl server using Openssl (using example server
serv.cpp). To make the communication even simpler I use cipher suites
with no authentication (SSL_DH_anon_WITH_3DES_EDE_CBC_SHA for jsse &
ADH-DES-CBC3-SHA for Openssl). The problem is that the client and the
server can't find a shared cipher suite... Does anyone know of any good
resources that deal in these issues? I Attach some code fom my
applications... The C++ application runs until CHK_SSL(err) and then
exit with the error code 19153:error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772:
Java:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.out.println("Create SSLServer Socket Factory...");
SSLSocketFactory factory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
System.out.println("Requesting connection to " + ipaddress + " on
port 1111...");
s = (SSLSocket) factory.createSocket(ipaddress, 1111);
String[] cipher_suites = new String[1];
cipher_suites[0] = "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
s.setEnabledCipherSuites(cipher_suites);
String[] ncipher_suites = s.getEnabledCipherSuites();
System.out.println("Enabled cipher suites are: ");
for (int i = 0; i < ncipher_suites.length; i++) {
System.out.println(" " + ncipher_suites[i]);
}
System.out.println("The one negotiated is " +
s.getSession().getCipherSuite());
C++:
/* SSL preliminaries. We keep the certificate and key with the
context. */
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
if (!ctx) {
ERR_print_errors_fp(stderr);
exit(2);
}
// Certificate code removed...
/* ----------------------------------------------- */
/* Prepare TCP socket for receiving connections */
listen_sd = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(listen_sd,"socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (1111); /* Server Port
number */
err = bind(listen_sd, (struct sockaddr*) &sa_serv,
sizeof (sa_serv)); CHK_ERR(err, "bind");
/* Receive a TCP connection. */
err = listen (listen_sd, 5); CHK_ERR(err,
"listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
CHK_ERR(sd, "accept");
close (listen_sd);
printf ("Connection from %s, port %x\n", inet_ntoa((struct
in_addr)sa_cli.sin_addr), sa_cli.sin_port);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_cipher_list(ssl, "ADH-DES-CBC-SHA");
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl);
fprintf(stderr, "CHECK ERROR\n");
CHK_SSL(err);
/* Get the cipher - opt */
Thanks
Mattias Marberg
begin:vcard
n:Marberg;Mattias
tel;fax:031-55 13 84
tel;work:031-55 13 80
x-mozilla-html:TRUE
url:www.softcon.se
org:Software Control AB
adr:;;S:t Jörgens väg 2;Göteborg;;422 49;Sverige
version:2.1
email;internet:[EMAIL PROTECTED]
fn:Mattias Marberg
end:vcard
