Problem Selecting Only Elliptic Curve Ciphers

I'm using stunnel 4.56 on Windows 7. When I use the following cipher list:

ciphers = ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA

to establish a connection, I get a "no shared cipher" response.

The following set of ciphers does work:

ciphers = ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA

Other relevant settings:

options = NO_SSLv2
sslVersion = all
fips = no
verify = 2

If I take out the first ECDHE-RSA-AES256-SHA cipher from the list, the ECDHE-RSA-AES128-SHA cipher is selected.

What am I doing wrong?

Thanks.

--
Carter Browne
cbrowne@cbcs-usa.com

2013/8/7 Carter Browne <brownec@attglobal.net>:
I'm using stunnel 4.56 on Windows 7. When I use the following cipher list:
ciphers = ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
to establish a connection, I get a "no shared cipher" response.
The following set of ciphers does work:
ciphers = ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
Other relevant settings:
options = NO_SSLv2
sslVersion = all
fips = no
verify = 2
If I take out the first ECDHE-RSA-AES256-SHA cipher from the list, the ECDHE-RSA-AES128-SHA cipher is selected.
What am I doing wrong?

To be able to use any of the ECDSA cipher suites you obviously must have an ECDSA certificate. If you have only an RSA certificate you cannot use any ECDSA cipher suites. As far as I know no CA will sell you an ECDSA certificate currently. Unless you run your own CA you must use RSA to achieve any compatibility.

--
Janusz Dziemidowicz
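
The certificate constraint described in the reply, as an added example that is not part of the original thread or of stunnel: a simplified Python model of which ECC suites a server can negotiate for a given certificate key type, following the RFC 4492 rules. It goes slightly beyond the reply by also covering the static `ECDH-RSA` suites, which need an EC key in the certificate as well. The function names, and the assumption that the server holds only an RSA certificate and both peers implement every listed suite, are mine.

```python
# Simplified model of TLS 1.0-1.2 ECC suite selection (RFC 4492 rules).
# Assumption: both peers implement every suite named, so only the key
# type of the server certificate limits what can be negotiated.

# Key type the server certificate must carry, by OpenSSL name prefix.
REQUIRED_KEY = {
    ("ECDHE", "RSA"): "RSA",   # ephemeral ECDH, signed with the RSA key
    ("ECDHE", "ECDSA"): "EC",  # ephemeral ECDH, signed with the EC key
    ("ECDH", "RSA"): "EC",     # static ECDH key in an RSA-signed cert
    ("ECDH", "ECDSA"): "EC",   # static ECDH key in an ECDSA-signed cert
}

def required_key(suite):
    """Return 'RSA' or 'EC' for an OpenSSL-style ECDH(E) suite name."""
    parts = suite.split("-")
    try:
        return REQUIRED_KEY[(parts[0], parts[1])]
    except (KeyError, IndexError):
        raise ValueError(f"not an ECDH(E) suite name: {suite!r}")

def usable(cipher_string, server_key):
    """Suites from a colon-separated list that a server whose certificate
    key is server_key ('RSA' or 'EC') can actually negotiate."""
    suites = [s for s in cipher_string.split(":") if s]
    return [s for s in suites if required_key(s) == server_key]

def negotiate(cipher_string, server_key):
    """First usable suite in list order, or None ('no shared cipher')."""
    candidates = usable(cipher_string, server_key)
    return candidates[0] if candidates else None

# The two cipher lists quoted in the thread.
ECDSA_ONLY = ("ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:"
              "ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA")
MIXED = ("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
         "ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:"
         "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
         "ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA")

if __name__ == "__main__":
    print("ECDSA-only list, RSA cert:", negotiate(ECDSA_ONLY, "RSA"))
    print("mixed list, RSA cert:", negotiate(MIXED, "RSA"))
    without_first = MIXED.split(":", 1)[1]
    print("mixed list minus first suite:", negotiate(without_first, "RSA"))
```

With an RSA-only certificate the model reproduces all three observations in the question: no shared cipher for the ECDSA-only list, the first `ECDHE-RSA` suite for the mixed list, and `ECDHE-RSA-AES128-SHA` once the first suite is removed.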