Project

General

Profile

Actions

Bug #10497

closed

OpenSSL Servers Do Not Support EC Certificates

Added by bnagy (Ben Nagy) about 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
openssl
Target version:
-
ruby -v:
ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-darwin12.0]
[ruby-core:66216]

Description

Also see https://bugs.ruby-lang.org/issues/10257

Here's a gist https://gist.github.com/bnagy/7a81e5387beeeea866c1 which works fine with an RSA key and fails with an EC key. I tried with an externally verified cert, which I have tested using the openssl s_server/s_client tools, as well as with an EC key that I pass to the ruby issue_cert method. I see:

SSL_accept returned=1 errno=0 state=SSLv3 read client hello C: no shared cipher
/Users/ben/.rubies/ruby-2.1.0/lib/ruby/2.1.0/openssl/ssl.rb:194:in `accept'

MRI: ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-darwin12.0]

and

SSL_accept returned=1 errno=0 state=SSLv3 read client hello C: no shared cipher
/Users/ben/.rubies/rubinius-2.2.1/runtime/gems/rubysl-openssl-2.0.4/lib/openssl/ssl.rb:184:in `accept'

rubinius 2.2.1 (2.1.0 3ed43137 2013-11-17 JI) [x86_64-darwin12.4.0]

Can't test with JRuby because it doesn't support the ECDH suites at all yet.

Unfortunately, I haven't got any further yet because that's where the call vanishes into openssl itself, but I suspect 'no shared cipher' is a red herring ( I'm not specifying or restricting any cipher suites at either end )


Related issues

Related to Ruby master - Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuitesRejectedopensslActions
Related to Ruby master - Feature #11356: Add ECDH support to OpenSSL wrapperClosedActions
Actions

Also available in: Atom PDF