On Wed, Sep 17, 2014 at 07:34:44PM +0200, Francis GASCHET wrote:

> We use openSSL in OFTP2 implementation. The OFTP2 working group decided to
> strongly recommend to use preferably the cipher suites including PFS
> (ephemeral Diffie Hellman).

Preferably, does not mean exclusively. You should probably not exclude non-PFS cipher suites for interoperability reasons.

> So in our implementation (linked against openssl 1.0.1g) I limited the list
> of offered ciphers (client) and preferred ciphers (server) to:
>
> DHE-RSA-AES256-SHA,
> EDH-RSA-DES-CBC3-SHA
> DHE-RSA-AES128-SHA
> ECDHE-RSA-AES256-SHA
> ECDHE-RSA-DES-CBC3-SHA
> ECDHE-RSA-AES128-SHA,
>
> using SSL_CTX_set_cipher_list.
>
> But on the legacy software side (linked against openSSL V0.9.8c),

Which does not support ECDHE, and probably is not configured with DHE parameters, and hence does not support any of these.

> the server rejects the connection with the "No shared cipher" error.

As expected.

> On this site, the command "openssl ciphers" says that DHE-RSA-AES128-SHA and
> EDH-RSA-DES-CBC3-SHA are supported (among others).

These require configuration of server-side temp DH parameters.

> It is the same when I reverse the roles : the legacy binary becomes the
> client. In that case, wireshark shows TLS_DHE_RSA_WITH_AES_256_CBC_SHA and
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA in the offered list of cipher suites (among
> others).
>
> But the "restricted" binary rejects the connection with the same error.
> On this side, the same list of ciphers (listed above) are specified before
> accepting the connection (server) than before calling out (client).

Once again to use DHE, the server must set temp DH parameters, and to use ECDHE must select a temp ECDH curve.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
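
The diagnosis in the reply above, as a simplified model of server-side suite selection (an added example, not part of the original message and not OpenSSL code). The `Server` class and its fields are hypothetical, the non-PFS entries in the legacy list are constructed, and selection in client order is an assumption.

```python
"""Simplified model of TLS server cipher selection; not OpenSSL code."""
from dataclasses import dataclass

# The six suites from the thread (restricted 1.0.1g build).
PFS_LIST = ["DHE-RSA-AES256-SHA", "EDH-RSA-DES-CBC3-SHA", "DHE-RSA-AES128-SHA",
            "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-DES-CBC3-SHA", "ECDHE-RSA-AES128-SHA"]
# Constructed legacy (0.9.8c) list: DHE names from the thread, RSA ones assumed.
LEGACY_LIST = ["DHE-RSA-AES256-SHA", "AES256-SHA", "EDH-RSA-DES-CBC3-SHA",
               "DES-CBC3-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]

def key_exchange(suite):
    """Classify an OpenSSL suite name by key exchange."""
    if suite.startswith("ECDHE-"):
        return "ECDHE"
    if suite.startswith(("DHE-", "EDH-")):
        return "DHE"
    return "RSA"

@dataclass
class Server:  # hypothetical stand-in for a server-side SSL_CTX
    ciphers: list             # what was passed to SSL_CTX_set_cipher_list
    has_ecdhe: bool           # library supports ECDHE at all
    tmp_dh: bool = False      # temp DH parameters configured
    tmp_ecdh: bool = False    # temp ECDH curve selected

    def usable(self, suite):
        """A listed suite only counts if its key exchange can actually run."""
        kx = key_exchange(suite)
        if kx == "DHE":
            return self.tmp_dh
        if kx == "ECDHE":
            return self.has_ecdhe and self.tmp_ecdh
        return True

    def negotiate(self, offered):
        """First offered suite the server lists and can use (client order
        assumed); None models the "No shared cipher" error."""
        for suite in offered:
            if suite in self.ciphers and self.usable(suite):
                return suite
        return None

if __name__ == "__main__":
    legacy = Server(LEGACY_LIST, has_ecdhe=False)
    restricted = Server(PFS_LIST, has_ecdhe=True)
    print(legacy.negotiate(PFS_LIST), restricted.negotiate(LEGACY_LIST))
    restricted.tmp_dh = True
    print(restricted.negotiate(LEGACY_LIST))
```

Both directions from the thread fail in this model for the same reason: the DHE suites appear in both lists, but the server side has no temp DH parameters, so none of them is usable.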