Oh,
And when I tried with
openssl s_server -cipher ECCdraft -cert ecc.crt -key ecc.key -www
the errors I get:
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
1132:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.
\ssl\s3_pkt.c:1057:SSL alert number 40
1132:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:.\ssl\s23_lib.
c:142:
ACCEPT
accept error 10004
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
1132:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.
\ssl\s3_pkt.c:1057:SSL alert number 40
1132:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:.\ssl\s23_lib.
c:142:
ACCEPT
accept error 10004
Does that mean my ecc cert has some issues?
I've generate them using these commands:
1)openssl ecparam -genkey -name secp160r1 -out ecc.pem
2)openssl req -new -key ecc.pem -out ecc.csr
3)openssl ec -in ecc.pem -out ecc.key
4)openssl x509 -in ecc.csr -out ecc.crt -req -signkey ecc.key -days 7
Anything suspicious?
Thanks in advance!!!
IT Professional <[EMAIL PROTECTED]> wrote:
IT Professional <[EMAIL PROTECTED]> wrote:
Hi Marek,Thanks for your advice.I've done a check and these are the ciphers installed:AECDH-AES256-SHAAECDH-AES128-SHAAECDH-DES-CBC3-SHAAECDH-RC4-SHAAECDH-NULL-SHAECDHE-RSA-AES256-SHAECDHE-RSA-AES128-SHAECDHE-RSA-DES-CBC3-SHAECDHE-RSA-RC4-SHAECDHE-RSA-NULL-SHAECDH-RSA-AES256-SHAECDH-RSA-AES128-SHAECDH-RSA-DES-CBC3-SHAECDH-RSA-RC4-SHAECDH-RSA-NULL-SHAECDHE-ECDSA-AES256-SHAECDHE-ECDSA-AES128-SHAECDHE-ECDSA-DES-CBC3-SHAECDHE-ECDSA-RC4-SHAECDHE-ECDSA-NULL-SHAECDH-ECDSA-AES256-SHAECDH-ECDSA-AES128-SHAECDH-ECDSA-DES-CBC3-SHAECDH-ECDSA-RC4-SHAECDH-ECDSA-NULL-SHAMy apologies on the long listing but I didn't want to leave out any impt info.I've tested with 2 ECC certs, 1 with secp160r1 and the other with c2pnb163v3.But I still getting the same handshake failure error with this amended command:openssl s_client -cipher ECCdraft -connect localhost:443.
I was thinking my existing ciphers already do support so I can't find what's amiss.Thanks in advance!!!
Marek Marcola <[EMAIL PROTECTED]> wrote:Hello,
> I've generated ECC cert using openssl and was testing with the
> command:
> openssl s_client -connect localhost:443.
> Error was encountered:
> 2028:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:.\ssl\s23_clnt.c:562:
> Anyone has a idea what the error could mean?
> I can't be sure whether it's a server or a ECC cert issue?
> All advice would be appreciated.
> Thanks in advance!
ECC ciphers are not default, add -cipher ECCdraft to s_client/s_server
to enable this ciphers. Check that your installation supports
ECC ciphers too:
$ openssl ciphers -v ECCdraft
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Real people. Real questions. Real answers. Share what you know.
Yahoo! Movies- Search movie info and celeb profiles and photos.
- Re: sslv3 alert handshake failure IT Professional
- Re: sslv3 alert handshake failure Marek Marcola
- Re: sslv3 alert handshake failure IT Professional
- Re: sslv3 alert handshake failure Marek Marcola
- Re: sslv3 alert handshake failure IT Professional
- Re: sslv3 alert handshake failure IT Professional
- Re: sslv3 alert handshake failure IT Professional
Reply via email to
