On 21.07.2021 at 09:07, Sachin Deshmukh wrote:
I am facing the below difficulties while using a stunnel for CA File as TLS Server.
-- TLS Server running in Windows
-- Use of CA File
-- Cipher use from client is:
-- ciphers = ECDHE-ECDSA-AES256-GCM-SHA384
2021.07.20 23:38:32 LOG7[11]: TLS alert (write): fatal: handshake failure
2021.07.20 23:38:32 LOG3[11]: SSL_accept: ssl/statem/statem_srvr.c:2283: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
If this cipher is removed, this validation is passed. Is this cipher not supported? Stunnel version is 5.59. Even if verifypeer is disabled, there is no gain.
Hi Sachin,
Cipher suites using ECDSA for authentication (such as ECDHE-ECDSA-AES256-GCM-SHA384) require ECDSA-based certificates. Commonly used certificates are based on RSA rather than ECDSA.
Regards, Małgorzata
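The mismatch described in the reply above can be checked offline. The following is an added example, not part of the original thread or of stunnel: it expands an OpenSSL cipher list and compares each suite's authentication algorithm with the server certificate's key type. The function names, the server cipher list `HIGH` and the key type passed in are assumptions, and the model ignores curves and signature algorithms.

```python
import re
import ssl


def auth_by_suite(cipher_list):
    """Expand an OpenSSL cipher list (the syntax of stunnel's `ciphers`
    option) into {suite name: authentication algorithm}."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)
    suites = {}
    for c in ctx.get_ciphers():
        # TLS 1.3 suites are configured separately and not tied to a key type.
        if c["protocol"] == "TLSv1.3":
            continue
        # The description is the `openssl ciphers -v` line: "... Au=ECDSA ...".
        m = re.search(r"Au=(\S+)", c["description"])
        suites[c["name"]] = m.group(1) if m else "unknown"
    return suites


def negotiable(client_ciphers, server_ciphers, server_key_type):
    """Suites offered by the client, enabled on the server, and usable with
    the server certificate's key type ("RSA" or "ECDSA")."""
    client = auth_by_suite(client_ciphers)
    server = auth_by_suite(server_ciphers)
    return [name for name, au in client.items()
            if name in server and au == server_key_type]


def diagnose(client_ciphers, server_ciphers, server_key_type):
    """One-line explanation of whether a TLS 1.2 handshake can pick a suite."""
    usable = negotiable(client_ciphers, server_ciphers, server_key_type)
    if usable:
        return "ok: " + ", ".join(usable)
    needed = sorted(set(auth_by_suite(client_ciphers).values()))
    return ("no shared cipher: client suites need a %s certificate, "
            "server certificate is %s" % ("/".join(needed), server_key_type))


if __name__ == "__main__":
    # Constructed inputs: the client cipher from the thread, an assumed
    # server list of "HIGH", and both possible certificate key types.
    client = "ECDHE-ECDSA-AES256-GCM-SHA384"
    for key_type in ("RSA", "ECDSA"):
        print(key_type, "->", diagnose(client, "HIGH", key_type))
```

The key type of an existing certificate is shown in the "Public Key Algorithm" line of `openssl x509 -noout -text`.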