Project

General

Profile

Bug #11739

OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites

Added by weeks (Branodn Weeks) over 3 years ago. Updated about 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
openssl
Target version:
-
[ruby-core:71678]

Description

I'm trying to configure an instance of OpenSSL::SSL::SSLServer that supports Elliptic curve Diffie–Hellman. No matter what combination of Ruby and OpenSSL versions I try the negotiation with the client fails.

Proof of concept:
https://gist.github.com/brandonweeks/e26414cc1e9eea9453a8

Then run:

openssl s_client -connect localhost:8443

Also attaching a pcap file of the failed handshake.


Files

tls_handshake.pcap (4.93 KB) tls_handshake.pcap weeks (Branodn Weeks), 11/25/2015 06:39 AM

Related issues

Related to Ruby master - Bug #10497: OpenSSL Servers Do Not Support EC CertificatesClosedActions
Related to Ruby master - Feature #11356: Add ECDH support to OpenSSL wrapperClosedActions

History

Updated by ko1 (Koichi Sasada) over 3 years ago

  • Assignee set to openssl
#2

Updated by rhenium (Kazuki Yamaguchi) about 3 years ago

  • Related to Bug #10497: OpenSSL Servers Do Not Support EC Certificates added
#3

Updated by rhenium (Kazuki Yamaguchi) about 3 years ago

  • Related to Feature #11356: Add ECDH support to OpenSSL wrapper added

Updated by rhenium (Kazuki Yamaguchi) about 3 years ago

  • Status changed from Open to Closed

ext/openssl didn't support ephemeral ECDH in server mode up until Ruby 2.3 (Feature #11356).

Updated by usa (Usaku NAKAMURA) about 3 years ago

  • Status changed from Closed to Rejected

Also available in: Atom PDF