简体   繁体   中英

Openssl: SSL_CTX_set_ecdh_auto() return failure

At the moment my openssl version is

OpenSSL 1.0.2h 3 May 2016

I use an example code offered by openssl Simple_TLS_Server to start a server and use s_client to send tls handshake. The server returned error like this:

139629255337616:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1349

And the s_client returned:

CONNECTED(00000003)
140266915485328:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1471879558
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

After reading this Manual:SSL_CTX_set1_curves(3) , i modified some lines of the original:

if(!SSL_CTX_set_ecdh_auto(ctx, 1))
{
    fprintf(stderr, "Error: SSL_CTX_set_ecdh_auto(ctx, 1)\n");
}

When i restarted the Simple_TLS_Server, it prints

Error: SSL_CTX_set_ecdh_auto(ctx, 1)

Also tried like this:

if(!SSL_CTX_set_ecdh_auto(ctx, 1))
{
    ERR_print_errors_fp(stderr);
}

But there was no available error message. Does anyone know how could this happen? If you require more information, please just let me know.

PS: i tried certificates and keys with s_server and s_client, that worked fine.

Does anyone know how could this happen?

According to the source code the only cases where SSL_CTX_set_ecdh_auto return 0 is when the openssl library was compiled without support for ECDH (OPENSSL_NO_ECDH) or without support for elliptic curves at all (OPENSSL_NO_EC).

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM