Hi,
I have problems establishing an SSL connection where the server certificate is
based on an EC key. I first tried via the C API, but I can't make it work
even with the command line tool. This is what I did:
xxx:~./openssl ecparam -name secp256r1 -genkey -out ecc1.pem
using curve name prime256v1 instead of secp256r1
xxx:~./openssl ec -in ecc1.pem -des3 -out ecc1.key
read EC key
writing EC key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
xxx:~./openssl req -config ./openssl.cnf -new -x509 -days 365 -key ecc1.key -out ecc1.crt
Enter pass phrase for ecc1.key:
You are about to be asked to enter information that will be incorporated
.......
xxx:~./openssl s_server -accept 1000 -cert ecc1.crt -key ecc1.key
Enter pass phrase for ecc1.key:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
8664:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1037:
shutting down SSL
CONNECTION CLOSED
ACCEPT
ERROR
8664:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1037:
shutting down SSL
CONNECTION CLOSED
I can't connect via Firefox2 and also not with openssl using the s_client
option.
Also the pages reachable from http://ecc.fedora.redhat.com/ will not work with
openssl but will work with my Firefox.
xxx:~./openssl s_client -host ecc.fedora.redhat.com -port 8443
CONNECTED(00000003)
8682:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:580:
xxx:~./openssl version
OpenSSL 0.9.8h 28 May 2008
Any ideas what goes wrong?
Thanks
Jan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]