Is it possible to use ECDH with stunnel?
When using s_server and specifying the cipher I can establish a connection. But when using stunnel and specifying the same cipher, the connection is rejected with "no shared cipher".
e.g. openssl s_server -cert server.pem -cipher DHE-RSA-AES256-SHA
It appears the difference is that s_server uses "default temp ECDH parameters" while stunnel doesn't have a default nor is there a way to specify the ECDH parameters.
From what I understand the ECDH parameters cannot be included with the
certificate, unlike DH parameters.
Is my understanding correct?
Thanks,
Carl
Carl wrote:
Is it possible to use ECDH with stunnel?
When using s_server and specifying the cipher I can establish a connection. But when using stunnel and specifying the same cipher, the connection is rejected with "no shared cipher".
You are correct. Stunnel currently does not generate temporary ECDH keys with the EC_KEY_new_by_curve_name() function.
It should be possible to provide ECDH parameters with a certificate instead: http://www.openssl.org/docs/apps/req.html It's probably also a better choice for performance, as key generation could be a CPU-intensive operation.
What do you think?
Best regards, Mike
On Thu, 2010-02-11 at 18:27 +0100, Michal Trojnara wrote:
Carl wrote:
Is it possible to use ECDH with stunnel?
When using s_server and specifying the cipher I can establish a connection. But when using stunnel and specifying the same cipher, the connection is rejected with "no shared cipher".
You are correct. Stunnel currently does not generate temporary ECDH keys with the EC_KEY_new_by_curve_name() function.
It should be possible to provide ECDH parameters with a certificate instead: http://www.openssl.org/docs/apps/req.html It's probably also a better choice for performance, as key generation could be a CPU-intensive operation.
What do you think?
Ok, I was confused on what the ECDH acronym meant. Sorry about that. I'm trying to support the cipher DHE-RSA-AES256-SHA which uses ephemeral DH which is not elliptical curve DH (ECDH).
So for the DHE-RSA-AES256-SHA cipher, the server certificate needs to have DH parameters and DH is not compiled in stunnel by default (as described in the stunnel FAQ).
I have recompiled stunnel with DH enabled and I am happy to report the DHE ciphers are now working with stunnel.
Thanks for your support and great open source software.
Carl
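Mike's suggestion and Carl's follow-up both come down to one requirement: the PEM file stunnel loads must carry a DH PARAMETERS block next to the certificate and key, or no DHE cipher suite can be negotiated. The script below is an added example, not code from the thread or from the stunnel project; it inspects such a PEM file, reports which blocks are present, and decodes the DH parameters (DER SEQUENCE of INTEGER p and INTEGER g, the format `openssl dhparam` writes) to report the size of the prime, so an operator can confirm a certificate file is ready for a DHE suite before restarting stunnel. The function names, the `build_sample_pem` helper and the 64-bit "prime" used to build the sample input are constructed for the demonstration and are not part of the original post; real parameters would be 2048 bits or more.

```python
import base64
import re

# Constructed demonstration values only: 2**64 - 59 is a 64-bit prime, far too
# small for real use, but enough to exercise the DER encoder and parser.
DEMO_P = 2**64 - 59
DEMO_G = 2

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """DER INTEGER for a non-negative int; a leading 0x00 keeps the sign bit clear."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_length(len(body)) + body


def encode_dh_params(p, g):
    """Encode PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    content = _der_integer(p) + _der_integer(g)
    return b"\x30" + _der_length(len(content)) + content


def to_pem(label, der):
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def parse_pem_blocks(text):
    """Return [(label, der_bytes), ...] for every PEM block in the file text."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split())))
            for m in PEM_RE.finditer(text)]


def _read_tlv(buf, off):
    """Read one DER tag-length-value triple starting at offset off."""
    tag = buf[off]
    length = buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def dh_prime_bits(der):
    """Size in bits of the prime p inside a DER-encoded DH PARAMETERS block."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("DH parameters must be a SEQUENCE")
    tag, p_bytes, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER prime as first element")
    return int.from_bytes(p_bytes, "big").bit_length()


def audit_pem(text):
    """Report whether a stunnel-style PEM bundle can serve a DHE cipher suite.

    dh_bits is None when no DH PARAMETERS block is present, which is exactly
    the "no shared cipher" situation from the thread.
    """
    blocks = parse_pem_blocks(text)
    labels = [label for label, _ in blocks]
    dh_bits = None
    for label, der in blocks:
        if label == "DH PARAMETERS":
            dh_bits = dh_prime_bits(der)
    return {
        "certificate": "CERTIFICATE" in labels,
        "private_key": any(l.endswith("PRIVATE KEY") for l in labels),
        "dh_bits": dh_bits,
    }


def build_sample_pem(with_dh):
    """Constructed sample bundle: placeholder cert/key bodies plus optional DH block."""
    text = to_pem("CERTIFICATE", b"constructed placeholder, not a real certificate")
    text += to_pem("RSA PRIVATE KEY", b"constructed placeholder, not a real key")
    if with_dh:
        text += to_pem("DH PARAMETERS", encode_dh_params(DEMO_P, DEMO_G))
    return text


if __name__ == "__main__":
    for with_dh in (False, True):
        print(audit_pem(build_sample_pem(with_dh)))
```

Against a real deployment, read the file given to stunnel's `cert` option with `audit_pem(open(path).read())`; a result with `dh_bits` of `None` means the file needs the output of `openssl dhparam` appended before any DHE suite will be offered, and a small `dh_bits` value is worth treating as a finding in its own right.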