On Mon, Apr 30, 2012, barcaroller wrote:

> I have an SSL server that requests a client certificate from an SSL
> client. Both were written using OpenSSL. This all works fine until
> I ask the server to use Diffie-Hellman parameters; then the client
> will not respond.
>
> My question is this: what impact do Diffie-Hellman parameters have
> on client certificate requests?
>
>
> With Diffie-Hellman parameters (does not work)
> ==============================
> Client: Client Hello
>
> Server: Server Hello (Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a))
>         Server Key Exchange
>         Certificate Request
>         Server Hello Done
>
> Client: <client never responds>
>

Wrong ciphersuite. Client certificates cannot be requested by anon DH ciphersuites.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
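
An added example, not part of the original thread and not OpenSSL code: a small C checker that walks a server handshake flight like the one in the trace and flags a CertificateRequest sent under an anonymous DH suite (RFC 5246, section 7.4.4, makes this a fatal handshake_failure). The function names, the constructed flight and the suite list (the anon DH suites of RFC 5246 only) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Anonymous DH suites defined in RFC 5246 (not an exhaustive anon list). */
static int is_anon_dh(uint16_t id) {
    static const uint16_t anon[] = {0x0018, 0x001B, 0x0034, 0x003A, 0x006C, 0x006D};
    for (size_t i = 0; i < sizeof anon / sizeof anon[0]; i++)
        if (anon[i] == id) return 1;
    return 0;
}

/* Walk a server handshake flight (type:1, length:3, body). Returns 1 if an
 * anonymous suite is combined with CertificateRequest, 0 if the flight is
 * fine, -1 if it is truncated or malformed. */
int check_server_flight(const uint8_t *p, size_t n) {
    int anon = 0, cert_req = 0;
    while (n > 0) {
        if (n < 4) return -1;
        uint8_t type = p[0];
        size_t len = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
        p += 4; n -= 4;
        if (len > n) return -1;
        if (type == 2) {                     /* server_hello */
            /* version(2) + random(32) + session_id_len(1) = 35 bytes */
            if (len < 35) return -1;
            size_t off = 35 + p[34];         /* skip the session id */
            if (len < off + 3) return -1;    /* suite(2) + compression(1) */
            anon = is_anon_dh((uint16_t)((p[off] << 8) | p[off + 1]));
        } else if (type == 13) {             /* certificate_request */
            cert_req = 1;
        }
        p += len; n -= len;
    }
    return anon && cert_req;
}

/* Constructed sample mirroring the trace: ServerHello, ServerKeyExchange,
 * CertificateRequest, ServerHelloDone. Non-hello bodies are left empty. */
size_t build_flight(uint8_t *out, uint16_t suite, int with_cert_req) {
    size_t n = 42;                           /* 4-byte header + 38-byte hello */
    for (size_t i = 0; i < n; i++) out[i] = 0;   /* zero random, empty session id */
    out[0] = 2; out[3] = 38; out[4] = 3; out[5] = 1;   /* server_hello, TLS 1.0 */
    out[39] = (uint8_t)(suite >> 8); out[40] = (uint8_t)suite;
    for (uint8_t t = 12; t <= 14; t++) {     /* SKE, CertReq, HelloDone */
        if (t == 13 && !with_cert_req) continue;
        out[n] = t; out[n + 1] = out[n + 2] = out[n + 3] = 0; n += 4;
    }
    return n;
}
```
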