Hi,
I developed an application based on ACE_SSL, which is based on OpenSSL. I found
I could not set up a TLS connection with no certificate verification. That is,
I just want a TLS connection without a certificate.
I used the same cipher list and rand file as with the openssl command. While the
openssl command succeeded in setting up a TLS connection, my application always
failed with a "SSL3_GET_CLIENT_HELLO:no shared cipher" error.
Successful openssl command:
On server side:
openssl s_server -accept 25062 -nocert -cipher aNULL -rand /home/zhangl/openssl/test/ca.bak/newcerts/01.pem
On client side:
openssl s_client -connect gdcqd1:25062 -cipher aNULL -rand /home/zhangl/openssl/test/ca.bak/newcerts/01.pem
I enabled CIPHER_DEBUG, and the following info was printed. It seems like the
server has got the client's cipher suites, and they have the same cipher suites,
but why is there a "no shared cipher"? Can anyone help to clarify my confusion?
Thanks!
#############################################
Server has 13 from 3766b0:
fef2472c:EXP-AECDH-RC4-40-SHA
fef24704:EXP-AECDH-DES-40-CBC-SHA
fef246dc:AECDH-DES-CBC3-SHA
fef246b4:AECDH-DES-CBC-SHA
fef2468c:AECDH-RC4-SHA
fef24664:AECDH-NULL-SHA
fef2440c:ADH-AES256-SHA
fef2431c:ADH-AES128-SHA
fef241dc:ADH-DES-CBC3-SHA
fef241b4:ADH-DES-CBC-SHA
fef2418c:EXP-ADH-DES-CBC-SHA
fef24164:ADH-RC4-MD5
fef2413c:EXP-ADH-RC4-MD5
Client sent 13 from 376670:
fef2472c:EXP-AECDH-RC4-40-SHA
fef24704:EXP-AECDH-DES-40-CBC-SHA
fef246dc:AECDH-DES-CBC3-SHA
fef246b4:AECDH-DES-CBC-SHA
fef2468c:AECDH-RC4-SHA
fef24664:AECDH-NULL-SHA
fef2440c:ADH-AES256-SHA
fef2431c:ADH-AES128-SHA
fef241dc:ADH-DES-CBC3-SHA
fef241b4:ADH-DES-CBC-SHA
fef2418c:EXP-ADH-DES-CBC-SHA
fef24164:ADH-RC4-MD5
fef2413c:EXP-ADH-RC4-MD5
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000880:00000800]fef2472c:EXP-AECDH-RC4-40-SHA (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000880:00000800]fef24704:EXP-AECDH-DES-40-CBC-SHA (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000880:00000800]fef246dc:AECDH-DES-CBC3-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000880:00000800]fef246b4:AECDH-DES-CBC-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000880:00000800]fef2468c:AECDH-RC4-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000880:00000800]fef24664:AECDH-NULL-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef2440c:ADH-AES256-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef2431c:ADH-AES128-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef241dc:ADH-DES-CBC3-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef241b4:ADH-DES-CBC-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef2418c:EXP-ADH-DES-CBC-SHA (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef24164:ADH-RC4-MD5
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[00000810:00000800]fef2413c:EXP-ADH-RC4-MD5 (export)
#############################################
Roger
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]