xxx:~$ openssl s_client -connect ecc.fedora.redhat.com:8443 -ssl3 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0020BFC0 [00132000] (86 bytes => 86 (0x56))
0000 - 16 03 00 00 51 01 00 00-4d 03 00 48 5a a5 74 38   ....Q...M..HZ.t8
0010 - 59 cc f7 49 e3 a2 ee f4-b5 2a 73 7e e6 69 47 15   Y..I.....*s~.iG.
0020 - c1 53 d7 29 87 eb 8c 5c-f2 84 e5 00 00 26 00 39   .S.)...\.....&.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08   ................
0050 - 00 06 00 03 01                                    .....
0056 - <SPACES/NULS>
SSL_connect:SSLv3 write client hello A
read from 0020BFC0 [0012D000] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 02                                    .....
write to 0020BFC0 [0080A000] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28                              ......(
SSL3 alert write:fatal:handshake failure
SSL_connect:error in SSLv3 read server hello A
19711:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:286:


On Thu, Jun 19, 2008 at 8:30 AM, Jan F. Schnellbaecher
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have problems establishing an SSL connection where the server certificate
> is based on an EC key. I first tried via the C API, but I can't make it
> work even with the command-line tool. This is what I did:
>
>
> xxx:~./openssl ecparam -name secp256r1 -genkey -out ecc1.pem
> using curve name prime256v1 instead of secp256r1
>
> xxx:~./openssl ec -in ecc1.pem -des3 -out ecc1.key
> read EC key
> writing EC key
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
>
> xxx:~./openssl req -config ./openssl.cnf -new -x509 -days 365 -key ecc1.key
> -out ecc1.crt
> Enter pass phrase for ecc1.key:
> You are about to be asked to enter information that will be incorporated
> .......
>
> xxx:~./openssl s_server -accept 1000 -cert ecc1.crt -key ecc1.key
> Enter pass phrase for ecc1.key:
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> ERROR
> 8664:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:1037:
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT
> ERROR
> 8664:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:1037:
> shutting down SSL
> CONNECTION CLOSED
>
>
> I can't connect via Firefox2 and also not with openssl using the s_client
> option.
>
> Also the pages reachable from http://ecc.fedora.redhat.com/ will not work
> with openssl but will work with my Firefox.
>
>
> xxx:~./openssl s_client -host ecc.fedora.redhat.com -port 8443
> CONNECTED(00000003)
> 8682:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:580:
>
> xxx:~./openssl version
> OpenSSL 0.9.8h 28 May 2008
>
> Any ideas what goes wrong?
>
> Thanks
> Jan
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
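
The ClientHello in the `-debug` dump at the top of this message can be decoded to see which cipher suites the client offered. The following is an added example, not part of the original thread and not OpenSSL code: it rebuilds the 86-byte record from the dump text and flags any suite in the RFC 4492 ECC range (0xC0xx). The function names are illustrative.

```python
import re

# Constructed input: the 86-byte "write to" dump from the reply above, copied verbatim.
DUMP = r"""
0000 - 16 03 00 00 51 01 00 00-4d 03 00 48 5a a5 74 38   ....Q...M..HZ.t8
0010 - 59 cc f7 49 e3 a2 ee f4-b5 2a 73 7e e6 69 47 15   Y..I.....*s~.iG.
0020 - c1 53 d7 29 87 eb 8c 5c-f2 84 e5 00 00 26 00 39   .S.)...\.....&.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08   ................
0050 - 00 06 00 03 01                                    .....
0056 - <SPACES/NULS>
"""

def dump_to_record(dump):
    """Rebuild the raw record bytes from s_client -debug dump text."""
    raw = bytearray()
    for line in dump.splitlines():
        m = re.match(r"[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])+)", line)
        if m:  # the "<SPACES/NULS>" marker line carries no hex and is skipped
            raw += bytes.fromhex(m.group(1).replace("-", " "))
    # The dump drops trailing NUL/space bytes, so pad to the length the 5-byte
    # record header declares (here: the final 0x00 "null" compression method).
    total = 5 + int.from_bytes(raw[3:5], "big")
    return bytes(raw.ljust(total, b"\x00"))

def parse_client_hello(rec):
    """Return (client_version, [cipher suite code points]) from one record."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    version = (body[0], body[1])
    pos = 2 + 32                    # skip client_version and the 32-byte random
    pos += 1 + body[pos]            # skip session_id (length-prefixed)
    n = int.from_bytes(body[pos:pos + 2], "big")
    suites = [int.from_bytes(body[i:i + 2], "big")
              for i in range(pos + 2, pos + 2 + n, 2)]
    return version, suites

def ecc_suites(suites):
    """ECC cipher suites defined by RFC 4492 occupy the 0xC0xx code points."""
    return [s for s in suites if s >> 8 == 0xC0]

if __name__ == "__main__":
    version, suites = parse_client_hello(dump_to_record(DUMP))
    print("client_version:", version)
    print("offered:", " ".join(f"0x{s:04x}" for s in suites))
    print("ECC suites offered:", [hex(s) for s in ecc_suites(suites)] or "none")
```

For this dump the parser finds 19 offered suites, none of them in the ECC range.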