At the moment my openssl version is
OpenSSL 1.0.2h 3 May 2016
I use the example code offered by OpenSSL, Simple_TLS_Server, to start a server and use s_client to send a TLS handshake. The server returned an error like this:
139629255337616:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1349
And the s_client returned:
CONNECTED(00000003)
140266915485328:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1471879558
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
After reading this Manual:SSL_CTX_set1_curves(3), I modified some lines of the original:
    if(!SSL_CTX_set_ecdh_auto(ctx, 1))
    {
        fprintf(stderr, "Error: SSL_CTX_set_ecdh_auto(ctx, 1)\n");
    }
When I restarted the Simple_TLS_Server, it printed:
Error: SSL_CTX_set_ecdh_auto(ctx, 1)
I also tried it like this:
    if(!SSL_CTX_set_ecdh_auto(ctx, 1))
    {
        ERR_print_errors_fp(stderr);
    }
But there was no error message available. Does anyone know how this could happen? If you require more information, please just let me know.
PS: I tried the certificates and keys with s_server and s_client; that worked fine.
Does anyone know how this could happen?
According to the source code, the only cases where SSL_CTX_set_ecdh_auto returns 0 are when the OpenSSL library was compiled without support for ECDH (OPENSSL_NO_ECDH) or without support for elliptic curves at all (OPENSSL_NO_EC).
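The two error lines quoted in the question can be decoded field by field. The following is an added example, not code from the original post or from OpenSSL; it assumes the OpenSSL 1.0.x packing of error codes (8-bit library, 12-bit function, 12-bit reason), and the names `decode_err_line` and `struct ssl_err` are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values as defined in the OpenSSL 1.0.x headers (err.h, ssl.h). */
#define LIB_SSL          20    /* ERR_LIB_SSL */
#define AD_REASON_OFFSET 1000  /* SSL_AD_REASON_OFFSET */

struct ssl_err {               /* hypothetical helper type */
    int lib, func, reason;
    int alert;  /* TLS alert number received from the peer, -1 if raised locally */
};

/* Parse "<thread>:error:<hex code>:..." and unpack the code.
 * Returns 0 on success, -1 if the line is not an OpenSSL error line. */
int decode_err_line(const char *line, struct ssl_err *out)
{
    const char *p = strstr(line, ":error:");
    char *end;
    unsigned long code;

    if (p == NULL)
        return -1;
    p += strlen(":error:");
    code = strtoul(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    out->lib    = (int)((code >> 24) & 0xff);   /* ERR_GET_LIB */
    out->func   = (int)((code >> 12) & 0xfff);  /* ERR_GET_FUNC */
    out->reason = (int)(code & 0xfff);          /* ERR_GET_REASON */
    out->alert  = (out->lib == LIB_SSL && out->reason >= AD_REASON_OFFSET)
                      ? out->reason - AD_REASON_OFFSET : -1;
    return 0;
}

int main(void)
{
    /* The server and client error lines from the question. */
    const char *lines[] = {
        "139629255337616:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1349",
        "140266915485328:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:",
    };
    struct ssl_err e;
    for (size_t i = 0; i < 2; i++) {
        if (decode_err_line(lines[i], &e) != 0)
            continue;
        printf("lib=%d func=%d reason=%d %s\n", e.lib, e.func, e.reason,
               e.alert >= 0 ? "(alert sent by peer)" : "(raised locally)");
    }
    return 0;
}
```

The client line decodes to alert 40 (handshake_failure) received from the peer, so it only relays the server's locally raised "no shared cipher" (reason 193); the diagnosis belongs on the server side.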