Provo a stabilire una connessione SSL usando il ECDH-RSA-AES256-SHA
cipher usando OpenSSL, ma fallisce dicendo "no shared cipher"
:
Sul server, eseguo:
$ openssl s_server -cert selfsigned_cert.pem -key selfsigned_key.pem
ACCEPT
ERROR
140662855206568:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1236:
Sul client:
$ openssl s_client -connect myserver:4433 -cipher ECDH-RSA-AES256-SHA
CONNECTED(00000003)
140237192541856:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
È a causa del certificato del server?
È un certificato autofirmato:
$ openssl x509 -in selfsigned_cert.pem -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
a9:30:4a:0b:b0:2a:7a:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Some-State, L=Paris, O=Foo, OU=Bar, CN=selfsigned/emailAddress=moi
Validity
Not Before: Sep 14 12:29:49 2015 GMT
Not After : Aug 29 12:29:49 2017 GMT
Subject: C=FR, ST=Some-State, L=Paris, O=Foo, OU=Bar, CN=selfsigned/emailAddress=moi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:df:2f:1f:ff:ce:21:9c:e4:e3:9c:c8:ba:a2:d1:
f3:6a:73:a4:af:d6:da:5a:f9:b8:dc:49:ce:5d:89:
03:88:6d:11:06:7e:9a:1c:93:1b:95:25:c8:e6:c3:
b5:5f:ed:96:2d:29:bf:77:a6:a9:25:33:8b:9a:69:
fd:88:52:94:03:a5:6b:ce:5a:a4:ad:ca:39:51:00:
09:14:4f:37:ce:84:8c:3e:d6:43:df:55:11:52:95:
0b:64:4d:72:e3:43:52:98:cc:51:87:70:0a:c0:78:
8a:b8:8f:4b:3c:37:9a:3a:a6:6f:87:81:a9:42:19:
02:f2:9f:36:2d:30:d0:40:01
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
50:28:61:05:4e:a0:58:e1:5a:e4:0a:cf:e9:9c:bb:48:f0:f2:
ed:e9:51:41:be:2c:b2:66:0d:21:bb:94:c4:49:c4:38:15:e5:
b7:b3:d9:ce:4e:af:b3:bd:47:3d:1f:54:21:a6:1d:8a:15:5c:
ef:bb:28:d0:3b:e9:9b:cb:2d:30:b9:fb:47:ef:25:15:4a:38:
e3:81:9c:70:d9:22:55:71:d5:d8:75:5e:23:5d:88:67:31:d3:
84:2c:2e:ad:ec:3c:55:d1:95:f6:43:29:cd:c3:ac:9c:e2:5f:
8f:c8:1e:24:4a:c8:57:d2:84:b5:d3:f8:35:40:5b:75:28:e4:
a5:3d
Senza l'argomento "-cipher ECDH-RSA-AES256-SHA"
, il client si collega correttamente al mio server.
Qualche idea?