Re: "no shared cipher"

2012-04-10 Thread crk
Hi, thank you for your help again. A friend of mine solved the problem: The error was caused by a wrong order of commands. If SSL_new is executed before SSL_CTX_use_certificate_file and SSL_CTX_use_RSAPrivateKey_file, the certs and the private key will not be passed to the SSL structure. Conseque

Re: "no shared cipher"

2012-04-06 Thread Jeffrey Walton
On Fri, Apr 6, 2012 at 1:42 PM, crk wrote: > Hi, > > unfortunately this didn't help. > > Besides, I am using SSL_library_init. The manual says > OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are > synonyms for SSL_library_init(). The client and server each call a different function

Re: "no shared cipher"

2012-04-06 Thread crk
by: owner-openssl-us...@openssl.org >> >> 04/06/2012 07:07 PM >> >> Please respond to >> openssl-users@openssl.org >> >> To >> >> openssl-users@openssl.org >> >> cc >> >> Subject >> >> Re: "no shared

Re: "no shared cipher"

2012-04-06 Thread Marek . Marcola
6/2012 07:07 PM > > Please respond to > openssl-users@openssl.org > > To > > openssl-users@openssl.org > > cc > > Subject > > Re: "no shared cipher" > > Hi Marek Marcola, thanks a lot for your help. I tried the commands with > exactly t

Re: "no shared cipher"

2012-04-06 Thread crk
Hi Marek Marcola, thanks a lot for your help. I tried the commands with exactly the same certificates and private keys and the connection works. This makes me half happy :) So, maybe I am doing something wrong on handshaking? Best regards chris r. On 06.04.2012 18:46, marek.marc...@malkom.pl wrote

Re: "no shared cipher"

2012-04-06 Thread Marek . Marcola
Hello, Test connection works: SERVER: # openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -cipher RC4-SHA -tls1 Using default temp DH parameters Using default temp ECDH parameters ACCEPT -BEGIN SSL SESSION PARAMETERS- MFoCAQECAgMBBAIABQQABDCLRcpyQeyzVWraS2xLoieVLwRjHGz74L

Re: No shared cipher error using ECDSA

2011-05-16 Thread Victor Duchovni
On Mon, May 16, 2011 at 11:56:41AM +0100, Mike Bell wrote: > Thanks Viktor, > > I hadn't properly understood the relationship between the certificate > and the cipher, so I'll look at that now. I think I'm also confusing > the OpenVPN & OpenSSL relationship. > > OpenVPN does appear to be using TL

Re: No shared cipher error using ECDSA

2011-05-16 Thread Mike Bell
m e.g. (AES-128-CBC) with a cipher-suite, which specifies also the authentication and message digest algorithms. Generally, OpenSSL ciphersuites are defined for TLS. It is not clear how these translate to your VPN device. -- Viktor. From: Victor Duchovni To: "openssl-users@openssl.org"

Re: No shared cipher error using ECDSA

2011-05-13 Thread Victor Duchovni
On Fri, May 13, 2011 at 06:36:34PM +0100, Mike Bell wrote: > I had originally put > cipher AES-128-CBC > in SERVER.OVPN & CLIENT.OVPN, not OPENSSL.CNF files (it's been a long week!) I am not familiar with your VPN product, so you'll have to figure out what configuration options are applicable. I

Re: No shared cipher error using ECDSA

2011-05-13 Thread Mike Bell
urity people are insisting on AES and either EC DSA, DSA or RSA as the signature algorithm, but with a preference for ECDSA.   Thanks   From: Victor Duchovni To: "openssl-users@openssl.org" Sent: Friday, 13 May 2011, 17:56 Subject: Re: No shared cipher error using ECDSA On Fri, May

Re: No shared cipher error using ECDSA

2011-05-13 Thread Victor Duchovni
On Fri, May 13, 2011 at 05:41:52PM +0100, Mike Bell wrote: > However I keep getting a "no shared cipher" error. > > In my client & server openssl.cnf files I've specified > cipher AES-128-CBC This is not an EC cipher, and if you configure an EC cert, but specify a cipher that is one of the ones

Re: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-09 Thread Alex Birkett
Hi, I've generated certificates based on the secp256r1 curve and a connection to the server can be established not only with FireFox, but also Internet Explorer and Chrome. It must be that secp160r2 is not supported by the browsers. Do you think it would be possible to add a more descriptive error

Re: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Michael S. Zick
On Thu July 8 2010, Dirk Menstermann wrote: > Hi, > > on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that FF 2 > does > support only curves with 256, 384, and 521. Maybe this is the same for FF 3 > and > your 160 bit curve is not supported. > Try: about:config in your browse

Re: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Dirk Menstermann
Hi, on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that FF 2 does support only curves with 256, 384, and 521. Maybe this is the same for FF 3 and your 160 bit curve is not supported. Bye Dirk Alex Birkett wrote: > Hi, > > Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_2

RE: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Eisenacher, Patrick
Hi Alex, are you sure, ff is talking to the same server on port 4433? Do you get a successful handshake when using a different ciphersuite on the server? Patrick Eisenacher -Original Message- From: Alex Birkett Hi Patrick, openssl s_client -connect localhost:4433 -cipher ECDHE-ECDSA

Re: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Alex Birkett
Hi Patrick, openssl s_client -connect localhost:4433 -cipher ECDHE-ECDSA-AES256-SHA works fine it sends the following cipher suite in the client hello message: Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Just double checked with wireshark and FF also sends Cipher Suite: TLS_ECDHE_

RE: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Eisenacher, Patrick
Hi Alex, if you configure s_client with the same list of ciphersuites that firefox sends, then s_server will show the same reaction. That means your ff and your s_client send different lists of ciphersuites. You seem to invoke s_client with the standard list of ciphersuites...whatever that is.

Re: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Alex Birkett
Hi Patrick, Thanks for your response. FF 3.6.2 is sending TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA in its client hello message. The command line OpenSSL client can be made to connect using this cipher suite. Any ideas? Thanks, Alex On 8 July 2010 13:41, Eisenacher, Patrick wrote: > Hi Alex, >

RE: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Eisenacher, Patrick
Hi Alex, just check the list of ciphersuites that FF sends in its client hello message and you'll see which ciphersuites FF supports. HTH, Patrick Eisenacher -Original Message- From: Alex Birkett Hi, Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher suite. I've co

Re: no shared cipher error

2009-01-23 Thread Dan Arcari
Thanks everyone for the help, I think I am getting closer. All of the SSL has been removed from the listener (makes much more sense to me now), and the Init routine has had CRYPTO_malloc_init() and ENGINE_load_builtin_engines() added (it already had the other "basic" routines). When I use my clien

Re: no shared cipher error

2009-01-22 Thread Ger Hobbelt
Aw, shoot. I see this is a re-issue of your question and others have provided better answers already a few hours ago. Keeping your browser open all night doesn't make gmail show a fresh bunch when you wake up. Time for first coffee, pronto... Anyway, check that add_all_algo thing anyway. Given you

Re: no shared cipher error

2009-01-22 Thread Ger Hobbelt
Nothing glaring, except of course that this error is [almost] always caused by the absence of a call to OpenSSL_add_all_algorithms(); which is used to set up SSL with all the available ciphers, hashes, etc. (And given your init code, I don't see SSL_load_error_strings() around either, which he

Re: no shared cipher error

2009-01-22 Thread Victor Duchovni
On Thu, Jan 22, 2009 at 08:51:20PM -0500, Dave Thompson wrote: > Except as noted above, this sounds reasonable. I assume you realize > that ALL includes, and could possibly negotiate, some weak ciphers; > but since you're explicitly adding eNULL you apparently don't care. > It certainly should be

RE: no shared cipher error

2009-01-22 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Dan Arcari > Sent: Wednesday, 21 January, 2009 16:18 > I'm wondering if someone can help me with a "no shared cipher" error occurring when I attempt > SSL_accept? I'll try to explain what's being done as succinctly as possible: > 1. There are t

Re: No Shared Cipher

2008-02-26 Thread Marek . Marcola
Hello, > I am facing some difficulties with OpenSSL implementation and am stuck at > handshake failure. > I have created a normal .exe (which acts as a server) which opens port 36003 > and loads the required certificate and private key and waits for any > incoming connection. > Once I receive con

Re: "no shared cipher" driving me batty

2004-09-30 Thread Richard Koenning
Mike Marshall wrote: 1) I couldn't find any code in the 3rd party library that calls SSL_CTX_set_cipher_list - does this mean I should call it myself? I thought I read somewhere that if it wasn't called that some defaults were used or at the very least OpenSSL could extract a list from th

Re: "no shared cipher" driving me batty

2004-09-23 Thread Richard Koenning
Mike Marshall wrote: so when a connection is accepted, here are the calls: 1) ssl = SSL_new(ctx) 2) BIO_new_socket 3) SSL_set_bio - called with the results of number 2 4) SSL_accept(ssl) <-- this line fails with a code of -1 5) SSL_get_error returns error code 1 6) ERR_peek_error 7) ERR_error_s

Re: No shared cipher error

2004-05-19 Thread LDB
Straight from the OpenSSL FAQs... * Why can't I make an SSL connection to a server using a DSA certificate? Typically you'll see a message saying there are no shared ciphers when the same setup works fine with an RSA certificate. There are two possible causes. The client may not support connections

Re: No shared cipher?

2003-06-20 Thread Jay Cornwall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 20 Jun 2003 07:29 am, Lutz Jaenicke wrote: > > Are there any preconditions for using these ciphers, apart from setting a > > private RSA key? > A corresponding public key (certificate) might be helpful. Aha, thank you. I definitely do nee

Re: No shared cipher?

2003-06-19 Thread Lutz Jaenicke
On Fri, Jun 20, 2003 at 12:22:58AM +0100, Jay Cornwall wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi > > I've just started my first project involving SSL, but sadly all is not rosy in > the OpenSSL garden. Perhaps you can help me out? > > My server performs these OpenSSL libra

Re: no shared cipher - AGAIN!!

2001-07-26 Thread DT
"C. Gould" wrote: > > > > On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote: > > > > I have a simple server which I can connect to using the openssl > > > > client, and using Netscape no problems. > > > > > > > > MS Internet Explorer refuses to connect and I get the dreaded > > > > "no shared ci

Re: no shared cipher - AGAIN!!

2001-07-26 Thread DT
"C. Gould" wrote: > > On Thursday 26 July 2001 02:48 am, you wrote: > > Lutz Jaenicke wrote: > > > On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote: > > > > I have a simple server which I can connect to using the openssl > > > > client, and using Netscape no problems. > > > > > > > > MS Interne

Re: no shared cipher - AGAIN!!!

2001-07-25 Thread DT
Lutz Jaenicke wrote: > > On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote: > > I have a simple server which I can connect to using the openssl > > client, and using Netscape no problems. > > > > MS Internet Explorer refuses to connect and I get the dreaded > > "no shared cipher" message on my s

Re: no shared cipher - AGAIN!!!

2001-07-25 Thread Lutz Jaenicke
On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote: > I have a simple server which I can connect to using the openssl > client, and using Netscape no problems. > > MS Internet Explorer refuses to connect and I get the dreaded > "no shared cipher" message on my server. > > Pointing IE to openssl

Re: no shared cipher?

1999-06-29 Thread Holger Reif
Note: This is a mod_ssl related question. You should use modssl users list to ask this question! Anyway most probably you have restricted the cipherlist to contain only high grade ciphers and you try to connect with an export grade browser. What does openssl ciphers -v tell you? What have you se

Re: no shared cipher?

1999-06-28 Thread Carl-Henrik Tano
Hi I got this problem when I use Netscape against one server that I have implemented myself. My problem was that my version of Netscape only supported weak encryption. (outside USA) There is a program, Fortify for Netscape which can solve that problem. I tried and it worked fine. http://www.for