[stunnel-users] Problem Selecting Only Ecliptic Curve Ciphers

Carter Browne brownec at attglobal.net
Wed Aug 7 21:55:11 CEST 2013


I'm using stunnel 4.56 on Windows 7.  When I use the following cipher list:

ciphers = 
ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA

to establish a connection, I get a "no shared cipher" response.

The following set of ciphers does work:

ciphers = 
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA

Other relevant settings:

options = NO_SSLv2
sslVersion = all
fips = no
verify = 2

If I take out the first ECDHE-RSA-ASE256-SHA cipher from the list, the 
ECDHE-RSA-AES128-SHA cipher is selected.

What am I doing wrong?

Thanks.

-- 
Carter Browne
cbrowne at cbcs-usa.com




More information about the stunnel-users mailing list