Hi Marek,
Thanks for your advice.
I've done a check and these are the ciphers installed:
AECDH-AES256-SHA
AECDH-AES128-SHA
AECDH-DES-CBC3-SHA
AECDH-RC4-SHA
AECDH-NULL-SHA
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
ECDHE-RSA-NULL-SHA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES128-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-RSA-RC4-SHA
ECDH-RSA-NULL-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-DES-CBC3-SHA
ECDHE-ECDSA-RC4-SHA
ECDHE-ECDSA-NULL-SHA
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-DES-CBC3-SHA
ECDH-ECDSA-RC4-SHA
ECDH-ECDSA-NULL-SHA
My apologies on the
long listing but I didn't want to leave out any impt info.
I've tested with 2 ECC certs, 1 with secp160r1 and the other with c2pnb163v3.
But I still getting the same handshake failure error with this amended command:openssl s_client -cipher ECCdraft -connect localhost:443.
I was thinking my existing ciphers already do support so I can't find what's amiss.
Thanks in advance!!!
Marek Marcola <[EMAIL PROTECTED]> wrote:
Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,
> I've generated ECC cert using openssl and was testing with the
> command:
> openssl s_client -connect localhost:443.
> Error was encountered:
> 2028:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:.\ssl\s23_clnt.c:562:
> Anyone has a idea what the error could mean?
> I can't be sure whether it's a server or a ECC cert issue?
> All advice would be appreciated.
> Thanks in advance!
ECC ciphers are not default, add -cipher ECCdraft to s_client/s_server
to enable this ciphers. Check that your installation supports
ECC ciphers too:
$ openssl ciphers -v ECCdraft
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Real people. Real questions. Real answers. Share what you know.
