Now it works; recreating the client cert with extensions as below made it work.
openssl x509 -noout -text -in frja-cert.pem
Fredrik
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=SE, ST=Stockholm, O
I actually got a bit further with a secp256r1 server certificate; I
also changed the server certificate version from 1 to 3.
Now I get:
Info2014-Nov-17 15:03:18.625733 All.TLSVerbose ssl_info_cb:
write:fatal:certificate unknown
Info2014-Nov-17 15:03:18.625759 All.TLSVerbose ssl_
More tests as you suggested:
openssl s_client -tls1_2 -connect XXX:9103
openssl s_server -state -tls1_2 -cipher SUITEB128 -accept 9103
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read client hel
Hi!
I have tried with s_client, and I get the same error.
Is there any kind of logging callback I can add to my server code that
might shed some light on this (I have set SSL_CTX_set_info_callback)?
Fredrik
On Mon, Nov 17, 2014 at 1:01 PM, Dr. Stephen Henson wrote:
> On Mon, Nov 17, 2014, Fred
On Mon, Nov 17, 2014, Fredrik Jansson wrote:
> Some more info,
>
> SSL_get_ciphers on the server and client:
> Info2014-Nov-17 10:48:26.961112 All.TLSVerbose
> ECDHE-ECDSA-AES128-GCM-SHA256
> Info2014-Nov-17 10:48:26.961114 All.TLSVerbose
> ECDHE-ECDSA-AES256-GCM-SHA384
>
> When
Some more info,
SSL_get_ciphers on the server and client:
Info2014-Nov-17 10:48:26.961112 All.TLSVerbose
ECDHE-ECDSA-AES128-GCM-SHA256
Info2014-Nov-17 10:48:26.961114 All.TLSVerbose
ECDHE-ECDSA-AES256-GCM-SHA384
When I do the same on the client, both of the ciphers above are liste
Hi Steve!
I remade the certs as below, but I still get the same error, i.e.
1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher.
Anything else I can try?
Warm regards,
Fredrik
openssl x509 -noout -text -in ca-cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial N
On Fri, Nov 14, 2014, Fredrik Jansson wrote:
> Hi Steve, thanks for helping out!
>
> The server cert is P-256 and the CA is P-384, please see below. Is that ok?
>
That is, but this isn't:
>
> Signature Algorithm: ecdsa-with-SHA1
>
The signing digest needs to match the curve. So if you s
Hi Steve, thanks for helping out!
The server cert is P-256 and the CA is P-384, please see below. Is that ok?
Fredrik
openssl x509 -noout -text -in server-secp256r1-cert.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 3 (0x3)
Signature Algorithm: ecdsa-with-SH
On Fri, Nov 14, 2014, Fredrik Jansson wrote:
> Hi!
>
> Thanks!
>
> I am using 1.0.2b3 on both server and client, and I have the call to
> SSL_CTX_set_ecdh_auto, but still no luck.
>
> The exact code is as follows:
>
> void initialize(TLSSettings const& settings) {
> ctx_ =
Hi!
Thanks!
I am using 1.0.2b3 on both server and client, and I have the call to
SSL_CTX_set_ecdh_auto, but still no luck.
The exact code is as follows:
void initialize(TLSSettings const& settings) {
ctx_ = SSL_CTX_new(TLSv1_2_server_method());
if (!ctx_) {
On Fri, Nov 14, 2014, Fredrik Jansson wrote:
> Hi!
>
> I am trying to force my TLS 1.2 connection into Suite B mode, but at
> handshake I get an error "no shared cipher".
>
> The server code is basically:
>
> SSL_CTX_new(TLSv1_2_server_method());
> //ECDSA cert is added to the ctx
> SSL_CTX_use
Hi!
I am trying to force my TLS 1.2 connection into Suite B mode, but at
handshake I get an error "no shared cipher".
The server code is basically:
SSL_CTX_new(TLSv1_2_server_method());
//ECDSA cert is added to the ctx
SSL_CTX_use_certificate(ctx_, serverCert.cert.get());
SSL_CTX_use_PrivateKey(c
13 matches