I found the issue with my code was that I was calling the function :
SSL_CTX_set_psk_client_callback() after I had already created my SSL object
from the context.
I used SSL_set_psk_client_callback() on my SSL object instead and that fixed
it.
Lindani
--- On Sat, 7/3/10, Lindani Phiri <linda...@yahoo.com> wrote:
From: Lindani Phiri <linda...@yahoo.com>
Subject: Unable to set PSK ciphers for DTLS on Federa 13
To: openssl-users@openssl.org
Date: Saturday, July 3, 2010, 8:01 PM
I am unable to set the cipher "PSK-AES128-CBC-SHA" for my DTLS client code,
even though its displayed when I run openssl ciphers command. I can also set
this cipher
without any problem when I run "openssl s_client" test tool.
I get the following error during handshake :
error:140F80B5:SSL routines:DTLS1_CLIENT_HELLO:no ciphers
available:d1_clnt.c:67
Relevant code snippet:
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
char * cipher ="PSK-AES128-CBC-SHA";
SSL_CTX_set_cipher_list(dtls_ctx,cipher);
I also noticed that if I set my cipher to "DEFAULT" and run it against "openssl
s_server" supporting only PSK-AES128-CBC-SHA, I get this error in the server:
:no shared cipher:s3_srvr.c:
Indeed, looking at the handshake in wireshark, I noted that PSK-AES128-CBC-SHA
is not being
offered by my client, even though "openssl ciphers -v DEFAULT" shows it in the
list.
I think I am doing something fundamentaly wrong, but have no idea where to look.
Any ideas to troubleshoot?
Here is some info about my environment:
OS :
[lind...@fedora2 ~]$uname -a
Linux fedora2.localdomain 2.6.33.3-85.fc13.i686 #1 SMP Thu May 6 18:44:12 UTC
2010 i686 i686 i386 GNU/Linux
OpenSSL:
[lind...@fedora2 ~]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
[lind...@fedora2 ~]$ openssl ciphers -v PSK
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128)
Mac=SHA1
PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
[lind...@fedora2 ~]$ openssl ciphers
DEFAULT
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5
Regards,
Lindani
