On Tue, Aug 21, 2001 at 03:04:59PM -0600, Nathan Bell wrote:
> I have a very unfortunate bug. Whenever I try to have a client connect
> to my server, the handshake fails because of
> SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER) being called.
>
> My session has no ciphers in it (???) but my context has ten. Why
> doesn't the call to ssl3_choose_cipher (s3_srvr.c line 766) use the
> context's cipher list if it can? It is already using the context's
> cipher_id list.
I don't get your point. The list of ciphers available/configured is
transformed into the cipher ids to compare them with the cipher
ids sent by the client.
If no shared cipher is found, you have a problem with some preconditions
missing. (Preconditions listed in "man SSL_CTX_set_cipher_list", which
is available in an updated version at www.openssl.org.)
Also consider checking out "SSL_CTX_check_private_key()" (described
in "man SSL_CTX_use_certificate").
> I use my own socket and file i/o, could that be the problem?
No.
...
> SSL_accept(ssl_session); // this always returns -1, erroring out at
> s3_srvr.c line 766
Doesn't look bad at a first glance.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
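
One missing precondition of the kind the reply refers to, as an added example that is not part of the original thread or of OpenSSL itself: Python's `ssl` module (a wrapper around OpenSSL) runs an in-memory handshake against a server context that has a populated cipher list but no certificate or private key loaded. The helper names and the TLS 1.2 cap are assumptions of this example.

```python
import ssl

def empty_server_context():
    """Hypothetical helper: server context with default ciphers, no cert/key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Cap at TLS 1.2 so cipher selection depends on the certificate type,
    # as it does in the SSLv3/TLS 1.x code path discussed in the thread.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def server_handshake_error(server_ctx):
    """Feed one ClientHello to the server; return the OpenSSL reason or None."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False        # no real peer in this test
    client_ctx.verify_mode = ssl.CERT_NONE
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    try:
        client.do_handshake()                # writes ClientHello into c_out
    except ssl.SSLWantReadError:
        pass
    s_in.write(c_out.read())                 # custom I/O: hand bytes to server
    try:
        server.do_handshake()
    except ssl.SSLWantReadError:
        return None                          # server accepted and wants more data
    except ssl.SSLError as exc:
        return exc.reason                    # e.g. "NO_SHARED_CIPHER"
    return None

if __name__ == "__main__":
    ctx = empty_server_context()
    print("ciphers configured in context:", len(ctx.get_ciphers()))
    print("server handshake result:", server_handshake_error(ctx))
```

The context reports a non-empty cipher list, yet none of those suites can be selected without a matching certificate and key, so the server side fails during cipher selection.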