Hi, Steve, Thanks for your reply. I found no use to add dhparam file to my server and client. The connection still could not be setup. I found if I set server certificate and private key, the connection could be setup. That is, server certificate is required even I used SSL_CTX_set_verify to set both server and client mode to SSL_VERIFY_NONE. That realy makes me confused. I am using TLSv1 method. And I set ciphersuite to ALL:+ADH:+aNULL:+NULL:+eNULL with SSL_CTX_set_cipher_list(), but the connection still could not be setup without server certificate. Is there anything I can do?
Thanks, Roger > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Dr. > Stephen Henson > Sent: Friday, April 14, 2006 11:59 PM > To: openssl-users@openssl.org > Subject: Re: strange problem of "no shared cipher" for no > certificate TLS connection > > > On Fri, Apr 14, 2006, Zhang, Long (Roger) wrote: > > > Hi, > > > > I developed an application based on ACE_SSL which based on > openssl. I found I could not set up a TLS connection with no > certificate verification. That is I just want a TLS > connection without certificate. > > > > I used the same cipherlist and rand file with openssl > command, while openssl command could succeeded to setup a TLS > connection, but my application always failed with > "SSL3_GET_CLIENT_HELLO:no shared cipher" error. > > > > The FAQ question about no shared ciphers is relevant here. > Although this > refers to DSA certificates the comments also apply to no certificates: > > http://www.openssl.org/support/faq.html#USER8 > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
