Project

General

Profile

Actions

Bug #11739

closed

OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites

Added by weeks (Branodn Weeks) almost 9 years ago. Updated about 8 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
[ruby-core:71678]

Description

I'm trying to configure an instance of OpenSSL::SSL::SSLServer that supports Elliptic curve Diffie–Hellman. No matter what combination of Ruby and OpenSSL versions I try the negotiation with the client fails.

Proof of concept:
https://gist.github.com/brandonweeks/e26414cc1e9eea9453a8

Then run:

openssl s_client -connect localhost:8443

Also attaching a pcap file of the failed handshake.


Files

tls_handshake.pcap (4.93 KB) tls_handshake.pcap weeks (Branodn Weeks), 11/25/2015 06:39 AM

Related issues 2 (0 open2 closed)

Related to Ruby master - Bug #10497: OpenSSL Servers Do Not Support EC CertificatesClosedActions
Related to Ruby master - Feature #11356: Add ECDH support to OpenSSL wrapperClosedActions

Updated by ko1 (Koichi Sasada) almost 9 years ago

  • Assignee set to 7150
Actions #2

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Related to Bug #10497: OpenSSL Servers Do Not Support EC Certificates added
Actions #3

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Related to Feature #11356: Add ECDH support to OpenSSL wrapper added

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Status changed from Open to Closed

ext/openssl didn't support ephemeral ECDH in server mode up until Ruby 2.3 (Feature #11356).

Updated by usa (Usaku NAKAMURA) about 8 years ago

  • Status changed from Closed to Rejected
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0