tls-gen icon indicating copy to clipboard operation
tls-gen copied to clipboard

Published 20 hours ago verified publisher icon rabbitmq

Generating certs with ECC doesn't work

Open lukebakken opened this issue 8 years ago • 1 comments

Steps to reproduce:

cd basic
make USE_ECC=true

# in terminal 1
openssl s_server -cert ./server/cert.pem -key ./server/key.pem -CAfile ./testca/cacert.pem

# in terminal 2
openssl s_client -cert ./client/cert.pem -key ./client/key.pem -CAfile ./testca/cacert.pem

Error output:

ACCEPT                                                                                                                                  │    Start Time: 1508449149
ERROR                                                                                                                                   │    Timeout   : 7200 (sec)
139822582923200:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1404:               │    Verify return code: 0 (ok)
shutting down SSL                                                                                                                       │    Extended master secret: no
CONNECTION CLOSED

If you generate "regular" certs with make the above s_server and s_client commands work fine. I'll continue investigating.

$ openssl version
OpenSSL 1.1.0f  25 May 2017

lukebakken avatar Oct 19 '17 21:10 lukebakken

I can reproduce with OpenSSL 1.0.2l 25 May 2017.

michaelklishin avatar Oct 19 '17 23:10 michaelklishin