RE: strange problem of "no shared cipher" for no certificateTLSconnection

Roger Zhang
Hi, Marek,

I have tried. It did not work. Since my work is based on ACE_SSL, I tried with the ACE_SSL example program. Still could not set up a TLS connection. Seems like an ACE_SSL bug.

Thanks,
Roger

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of Marek Marcola
> Sent: Tuesday, April 18, 2006 5:05 PM
> To: [hidden email]
> Subject: RE: strange problem of "no shared cipher" for no
> certificateTLSconnection
>
>
> Hello,
>
> > I used SSL_CTX_set_cipher_list() to try all kinds of ADH plus aNULL, eNULL, NULL and ALL.
> > The connection still could not be set up without a server certificate.
>
> On server side:
> - generate DH parameters file:
> # openssl dhparam -out dhparam.pem 512
> - add code to initialize SSL_CTX structure:
>
> static DH *load_dh_param(const char *dhfile)
> {
>         DH *ret=NULL;
>         BIO *bio;
>
>         if ((bio=BIO_new_file(dhfile,"r")) == NULL){
>                 goto err;
>         }
>         ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
>
> err:
>         if (bio != NULL){
>                 BIO_free(bio);
>         }
>         return(ret);
> }
> ..
> ..
> SSL_CTX *ctx;
> DH *dh;
> ..
> ..
> if((dh=load_dh_param("dhparam.pem")) == NULL){
>         ERR_print_errors_fp(stderr);
>         goto err;
> }
> SSL_CTX_set_tmp_dh(ctx,dh);
> DH_free(dh);
>
> if(!SSL_CTX_set_cipher_list(ctx,"ADH")) {
>        ERR_print_errors_fp(stderr);
>        goto err;
> }
> ..
> ..
>
> On client side:
> - add code to initialize SSL_CTX structure:
>
> if(!SSL_CTX_set_cipher_list(ctx,"ADH")) {
>        ERR_print_errors_fp(stderr);
>        goto err;
> }
>
> Best regards,
> --
> Marek Marcola <[hidden email]>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>

RE: strange problem of "no shared cipher" for no certificateTLSconnection

Marek.Marcola
Hello,

> I have tried. It did not work. Since my work is based on ACE_SSL, I tried with the ACE_SSL example program.
> Still could not set up a TLS connection. Seems like an ACE_SSL bug.

Try ssldump or simply tcpdump to get the handshake client_hello packet
to check if the client tries to send ADH ciphers.

Best regards,
--
Marek Marcola <[hidden email]>
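
The check suggested in the reply above, as an added example that is not part of the original thread or of OpenSSL: given the raw bytes of a captured ClientHello, count how many anonymous-DH suites the client offers. It assumes a TLS record-format ClientHello contained in one record (an SSLv2-compatible hello is rejected with -1); the function names and both sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IANA IDs of TLS_DH_anon_* (OpenSSL "ADH") suites; common ones, not exhaustive. */
static const uint16_t ADH_IDS[] = {0x0017, 0x0018, 0x0019, 0x001A, 0x001B, 0x0034,
                                   0x003A, 0x006C, 0x006D, 0x00A6, 0x00A7};

static int is_adh(uint16_t id)
{
    for (size_t i = 0; i < sizeof ADH_IDS / sizeof ADH_IDS[0]; i++)
        if (ADH_IDS[i] == id) return 1;
    return 0;
}

/* Number of ADH suites offered in one TLS ClientHello record, or -1 if the
 * buffer is not a well-formed ClientHello. Every length is bounds-checked. */
int count_adh_in_client_hello(const uint8_t *buf, size_t len)
{
    size_t p = 5 + 4 + 2 + 32; /* record hdr, handshake hdr, version, random */
    size_t n;
    int count = 0;

    if (len < p + 1 || buf[0] != 0x16 || buf[5] != 0x01) return -1;
    p += 1 + (size_t)buf[p];                 /* skip session_id */
    if (p + 2 > len) return -1;
    n = ((size_t)buf[p] << 8) | buf[p + 1];  /* cipher_suites length in bytes */
    p += 2;
    if (n % 2 != 0 || p + n > len) return -1;
    for (size_t i = 0; i < n; i += 2)
        count += is_adh((uint16_t)((buf[p + i] << 8) | buf[p + i + 1]));
    return count;
}

/* Constructed sample records (random = 32 zero bytes, empty session_id). */
static const uint8_t SAMPLE_ADH[52] = { /* offers ADH-AES128-SHA, AES128-SHA */
    0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01,
    [43] = 0x00, 0x00, 0x04, 0x00, 0x34, 0x00, 0x2F, 0x01, 0x00};
static const uint8_t SAMPLE_RSA[52] = { /* offers AES128-SHA, AES256-SHA */
    0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01,
    [43] = 0x00, 0x00, 0x04, 0x00, 0x2F, 0x00, 0x35, 0x01, 0x00};

int main(void)
{
    printf("ADH suites offered: %d\n", count_adh_in_client_hello(SAMPLE_ADH, sizeof SAMPLE_ADH));
    printf("ADH suites offered: %d\n", count_adh_in_client_hello(SAMPLE_RSA, sizeof SAMPLE_RSA));
    return 0;
}
```

A result of 0 on the client's hello means the cipher list never reached the wire, which is consistent with a "no shared cipher" failure on an ADH-only server.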
