Hello,
>
> And when I tried with
> openssl s_server -cipher ECCdraft -cert ecc.crt -key ecc.key -www
> the errors I get:
> Loading 'screen' into random state - done
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> 1132:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure:.
> \ssl\s3_pkt.c:1057:SSL alert number 40
> 1132:error:140780E5:SSL routines:SSL23_READ:ssl handshake
> failure:.\ssl\s23_lib.
> c:142:
> ACCEPT
> accept error 10004
>
> Does that mean my ecc cert has some issues?
> I've generate them using these commands:
> 1)openssl ecparam -genkey -name secp160r1 -out ecc.pem
> 2)openssl req -new -key ecc.pem -out ecc.csr
> 3)openssl ec -in ecc.pem -out ecc.key
> 4)openssl x509 -in ecc.csr -out ecc.crt -req -signkey ecc.key -days 7
>
> Anything suspicious?
This procedure seems to work when connecting with:
$ openssl s_client -cipher ECCdraft
but in your situation you get from peer (client) alert message 40
which means that client was not able to negotiate an acceptable
set of security services. In this situation this probably means
that client does not support certificates with ECC parameters.
This should be checked.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
