On Thu, Jun 26, 2014, mclellan, dave wrote:

> I'm doing some experimentation with cipher lists using OpenSSL 1.0.1h. I
> have two peers using the same libraries, and both enabled with these suites
> in the call to SSL_set_cipher_list():
>
> 1. ECDHE-ECDSA-AES128-GCM-SHA256
> 2. ECDHE-RSA-AES128-GCM-SHA256
> 3. DHE-RSA-AES128-GCM-SHA256
>
> These are shown by the 'openssl ciphers' command using the same libraries.
> I have specified each of these individually to try out each one independently
> of the others.
>
> Neither of the ECDHE ciphers (1 and 2 above) are chosen by my two peers, and
> the result is 'no shared cipher' when either of these is specified.
>
> Cipher 3 is chosen successfully, so it seems that the failing component is
> the elliptic curve modifier of DHE.
>
> If it's in the supported list, what is preventing ECDHE from being used? What
> am I missing to use the ECDHE- suites? How can I track down where my mistake
> is?
>
> Thanks for whatever guidance is offered.
>

Are you setting the ECDH parameters in the server? If no ECDH parameters are
set then all ECDHE ciphersuites are disabled.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org