Hi,
I am using a client application program which uses OpenSSL version
1.0.0h. I configured TLSv1.2 and I have set the cipher suite only as
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (i.e. ECDH-ECDSA-AES128-SHA256)
using the API SSL_CTX_set_cipher_list().

But what I find in the packet capture is that in the Client Hello message there
are 2 advertised cipher suites. The first one
is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 and the second cipher suite
is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (i.e. the one we requested),
although I've set only one cipher suite.

Moreover, my server application selects the first advertised cipher
suite and carries on the handshake.

Can someone explain this behaviour? My requirement is to have the session
use only the TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite. What
needs to be done for this?


Regards
Suryya
