On Tue, Jul 26, 2016 at 11:52:25AM +0200, Martin Rex wrote:
>
> Sorry for the confusion about the cipher suite.
>
> The issue seems a little weirder than what I thought, because the
> failure seems to happen only for a particular cipher suite combo
> (which happens to be the combo produced by my own Firefox config):
>
> I can repro the handshake failure with openssl-1.1.0-pre5 with this
> command line:
>
> Failure:
> openssl s_client -connect regmedia.co.uk:443 -cipher
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305
If you swap the order of these two ciphersuites, does it succeed or fail?
I.e.

openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256

Well, your test results certainly blow the basic "negotiation accidentally blows off all valid candidates and then fails" hypothesis out of the water. So it has to be something more complicated.

Succeeding with the ciphersuites swapped would suggest (as somebody else in this thread already said) that it only considers Chacha in the first place, not noticing that it may be the only choice after certificate selection.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
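The failure mode Ilari is hypothesising, a server that commits to a cipher suite before checking whether it actually holds a certificate that can authenticate that suite, is easy to see in a toy model. The block below is an added example written for this page; it is not code from the thread, from OpenSSL, or from the server in question, and it does not claim to reproduce what regmedia.co.uk actually does. The suite names follow OpenSSL naming; the server's certificate inventory (RSA only) and preference list are constructed assumptions. It contrasts a flawed "commit first, then look for a certificate" selection with a certificate-aware one, under both server-preference and client-preference ordering, so the dependence on the offered order is visible.

```python
# Added example (not from the thread or from OpenSSL): a toy model of
# server-side cipher-suite selection. It shows why committing to a suite
# before checking which certificates the server holds can fail a handshake
# that a certificate-aware selection would complete. Suite names follow
# OpenSSL's naming; the certificate inventory and preference lists below
# are constructed for illustration only.

# Signature algorithm the server certificate must carry for each suite
# (the authentication part of the suite name).
SUITE_AUTH = {
    "ECDHE-RSA-AES128-GCM-SHA256": "RSA",
    "ECDHE-RSA-CHACHA20-POLY1305": "RSA",
    "ECDHE-ECDSA-AES128-GCM-SHA256": "ECDSA",
    "ECDHE-ECDSA-CHACHA20-POLY1305": "ECDSA",
}


class HandshakeFailure(Exception):
    """Stands in for the handshake_failure alert the client would see."""


def _candidates(client_offer, server_prefs, honor_client_order):
    """Suites common to both sides, in the order the server will consider them."""
    if honor_client_order:
        return [s for s in client_offer if s in server_prefs]
    return [s for s in server_prefs if s in client_offer]


def select_commit_first(client_offer, server_prefs, server_certs, honor_client_order=False):
    """Flawed selection: commit to the first common suite, then look for a certificate.

    If that suite needs a key type the server does not have, the handshake
    fails even though another offered suite would have worked.
    """
    common = _candidates(client_offer, server_prefs, honor_client_order)
    if not common:
        raise HandshakeFailure("no shared cipher suite")
    chosen = common[0]
    if SUITE_AUTH[chosen] not in server_certs:
        raise HandshakeFailure(
            f"{chosen} needs an {SUITE_AUTH[chosen]} certificate; "
            f"server has {sorted(server_certs)}")
    return chosen


def select_certificate_aware(client_offer, server_prefs, server_certs, honor_client_order=False):
    """Correct selection: a suite is a candidate only if the server can authenticate with it."""
    for suite in _candidates(client_offer, server_prefs, honor_client_order):
        if SUITE_AUTH[suite] in server_certs:
            return suite
    raise HandshakeFailure("no shared cipher suite usable with the server's certificates")


def outcome(selector, *args, **kwargs):
    """Return the chosen suite, or a 'FAIL: ...' string, so both selectors compare side by side."""
    try:
        return selector(*args, **kwargs)
    except HandshakeFailure as exc:
        return f"FAIL: {exc}"


if __name__ == "__main__":
    # Constructed scenario: the client offer from the thread, a server that
    # prefers ChaCha20 and holds only an RSA certificate.
    offer = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305"]
    prefs = ["ECDHE-ECDSA-CHACHA20-POLY1305",
             "ECDHE-RSA-CHACHA20-POLY1305",
             "ECDHE-RSA-AES128-GCM-SHA256"]
    certs = {"RSA"}
    for honor_client in (False, True):
        for order in (offer, list(reversed(offer))):
            print(f"client order={order} honor_client_order={honor_client}")
            print("  commit-first:      ",
                  outcome(select_commit_first, order, prefs, certs, honor_client))
            print("  certificate-aware: ",
                  outcome(select_certificate_aware, order, prefs, certs, honor_client))
```

With server preference in force, the commit-first selector always lands on the ECDSA ChaCha20 suite and fails for lack of an ECDSA certificate, while the certificate-aware selector skips it and completes with ECDHE-RSA-AES128-GCM-SHA256. When the server honours client order instead, the commit-first selector succeeds or fails purely depending on which suite the client lists first, which is the kind of order sensitivity the swapped `-cipher` test above probes for. A real implementation should prune the candidate list against the certificates (and, for TLS 1.2, the client's signature_algorithms) before ranking it, not after.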