Actions
Bug #11739
closedOpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites
Description
I'm trying to configure an instance of OpenSSL::SSL::SSLServer that supports Elliptic curve Diffie–Hellman. No matter what combination of Ruby and OpenSSL versions I try the negotiation with the client fails.
Proof of concept:
https://gist.github.com/brandonweeks/e26414cc1e9eea9453a8
Then run:
openssl s_client -connect localhost:8443
Also attaching a pcap file of the failed handshake.
Files
Updated by ko1 (Koichi Sasada) almost 9 years ago
- Assignee set to 7150
Updated by rhenium (Kazuki Yamaguchi) over 8 years ago
- Related to Bug #10497: OpenSSL Servers Do Not Support EC Certificates added
Updated by rhenium (Kazuki Yamaguchi) over 8 years ago
- Related to Feature #11356: Add ECDH support to OpenSSL wrapper added
Updated by rhenium (Kazuki Yamaguchi) over 8 years ago
- Status changed from Open to Closed
ext/openssl didn't support ephemeral ECDH in server mode up until Ruby 2.3 (Feature #11356).
Updated by usa (Usaku NAKAMURA) about 8 years ago
- Status changed from Closed to Rejected
Actions
Like0
Like0Like0Like0Like0Like0