
OpenSSL “No Shared cipher”

I know there is a barrage of questions (and answers) but I couldn't find one that moved me on...

I am trying to create an SSL client/server app and getting:

SSL_accept() returned -1

Error in SSL_accept(): 1

Error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

I really don't understand what I have done wrong :(

Both call the following before any other OpenSSL call:

SSL_load_error_strings();

SSL_library_init();

ERR_load_BIO_strings();

OpenSSL_add_all_algorithms();

Server (snipped to make shorter):

<Created socket and set it to listen to port 8888>

<Bind and make it listen>

while (1) 
{
    client = accept( server, (sockaddr*) &clientsockaddrin, &len );

    SSL_CTX *ctx = SSL_CTX_new( SSLv3_server_method() );

    BIO* bio = BIO_new_file( "dh1024.pem", "r" );

    DH* ret = PEM_read_bio_DHparams( bio, NULL, NULL, NULL );

    BIO_free( bio );

    SSL_CTX_set_tmp_dh( ctx, ret );

    RSA* rsa = RSA_generate_key( 1024, RSA_F4, NULL, NULL );

    SSL_CTX_set_tmp_rsa( ctx, rsa );

    SSL_CTX_set_cipher_list( ctx, "ALL" );

    SSL* ssl = SSL_new(ctx);

    BIO* sslclient = BIO_new_socket(client, BIO_NOCLOSE);

    SSL_set_bio(ssl, sslclient, sslclient);

    int r = SSL_accept( ssl );

    if (r != 1) 
    {
        printf("SSL_accept() returned %d\n", r);
        printf("Error in SSL_accept(): %d\n", SSL_get_error(ssl, r));
        char error[65535];
        ERR_error_string_n(ERR_get_error(), error, 65535);
        printf("Error: %s\n\n", error);
        ERR_print_errors(sslclient);
        int err = WSAGetLastError();
        printf("WSA: %d\n", err);
        // We failed to accept this client connection.
        // Ideally here you'll drop the connection and continue on.
        break;
    }
}

Client is:

SSLSocket *sslSocket = NULL;
SSL_CTX *ctx = NULL;

ctx = SSL_CTX_new( SSLv3_client_method() );

adaptor->SetCipherList( ctx, std::string( "ALL" ) );

sslSocket = static_cast<SSLSocket *>( adaptor->Connect( ctx, "localhost", 8888 ) );

if ( sslSocket == NULL )
{
    std::cout << "Unable to connect to service... aborting!" << std::endl;
    return;
}

I have spent days pulling (what's left of my hair) out, so any help would be gratefully accepted!!

I'm sorry to post this as an "answer" as this is more an inquiry into your hunt for an answer. I'll note that RFC 4492 requires a list of compatible curves which is a subset of the set supported by OpenSSL Elliptic Curves, so providing non-TLSv1.2 compatible curves might be part of the issue, but from what I've seen that couldn't be. (Sorry to brainstorm).

I'm wondering if you were able to overcome this issue and if so, how so? Hope you did for your sake and for my sake.
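How to read the error line quoted in the question, as an added example (not code from the original post or from OpenSSL): it splits the line into its fields and unpacks the hex code using the library/function/reason bit layout of OpenSSL 1.0.x and 1.1.x, which is assumed here because the line still names a function. `parse_ossl_err` and `struct ossl_err` are names made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for one decoded "error:XXXXXXXX:lib:func:reason" line. */
struct ossl_err {
    unsigned long code;            /* packed value, e.g. 0x1408A0C1 */
    unsigned lib, func, reason;    /* numeric parts unpacked from code */
    char lib_name[64], func_name[64], reason_text[128];
};

/* Returns 0 on success, -1 if the line holds no well-formed error record.
 * Assumed layout (OpenSSL 1.0.x/1.1.x): lib = bits 31..24, func = bits 23..12,
 * reason = bits 11..0. */
int parse_ossl_err(const char *line, struct ossl_err *e)
{
    /* Log prefixes such as "Error: " may precede the record, so search for it. */
    const char *p = strstr(line, "error:");
    if (p == NULL)
        return -1;
    if (sscanf(p, "error:%8lx:%63[^:]:%63[^:]:%127[^\r\n]",
               &e->code, e->lib_name, e->func_name, e->reason_text) != 4)
        return -1;
    e->lib    = (unsigned)((e->code >> 24) & 0xffUL);
    e->func   = (unsigned)((e->code >> 12) & 0xfffUL);
    e->reason = (unsigned)(e->code & 0xfffUL);
    return 0;
}

int main(void)
{
    /* The line printed by the server in the question. */
    const char *line =
        "Error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher";
    struct ossl_err e;

    if (parse_ossl_err(line, &e) != 0) {
        fprintf(stderr, "not an OpenSSL error line\n");
        return 1;
    }
    printf("code   0x%08lX\n", e.code);
    printf("lib    %u (%s)\n", e.lib, e.lib_name);
    printf("func   %u (%s)\n", e.func, e.func_name);
    printf("reason %u (%s)\n", e.reason, e.reason_text);
    return 0;
}
```

The function field places the failure in the server's handling of the ClientHello, so the server-side context setup is the first place to check the return value of every call.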
