On Fri, Jun 20, 2003 at 12:22:58AM +0100, Jay Cornwall wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi
> 
> I've just started my first project involving SSL, but sadly all is not rosy in 
> the OpenSSL garden. Perhaps you can help me out?
> 
> My server performs these OpenSSL library calls:
> 
> 1. sslctx = SSL_CTX_new( SSLv3_server_method() );
> 2. SSL_CTX_use_RSAPrivateKey_file( sslctx, "/root/.saturn/rsa.pem", 
>   SSL_FILETYPE_PEM );
> 3. ssl = SSL_new( sslctx );
> 4. SSL_set_fd( ssl, clientfd );
> 5. SSL_accept( ssl );
> 
> The problem is that the server and client can't seem to agree on a common 
> cipher: both sides show (the same) large list of available ciphers (using 
> SSL_get_ciphers()), but the SSL_connect() always results in the same error 
> ("no shared cipher") on the server and a handshake failed error on the 
> client.
> 
> I've also tested using the OpenSSL s_client, and I get the same error when 
> used with my server.
> 
> I'm not really sure which cipher to use (I need to read up on it, I guess), 
> but with no restrictions (i.e. not calling SSL_CTX_set_cipher_list()) or by 
> restricting to individual ciphers, such as DES-CBC3-SHA, I still get the same 
> error.
> 
> Are there any preconditions for using these ciphers, apart from setting a 
> private RSA key?

A corresponding public key (certificate) might be helpful.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
