Project

General

Profile

Actions
Copy link

Bug #11739

closed

OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites

Added by weeks (Branodn Weeks) over 8 years ago. Updated over 7 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
Backport:
2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
[ruby-core:71678]

Description

I'm trying to configure an instance of OpenSSL::SSL::SSLServer that supports Elliptic curve Diffie–Hellman. No matter what combination of Ruby and OpenSSL versions I try the negotiation with the client fails.

Proof of concept:
https://gist.github.com/brandonweeks/e26414cc1e9eea9453a8

Then run:

openssl s_client -connect localhost:8443

Also attaching a pcap file of the failed handshake.

Files

tls_handshake.pcap (4.93 KB) tls_handshake.pcap weeks (Branodn Weeks), 11/25/2015 06:39 AM

Related issues 2 (0 open2 closed)

Related to Ruby master - Bug #10497: OpenSSL Servers Do Not Support EC CertificatesClosedActions
Related to Ruby master - Feature #11356: Add ECDH support to OpenSSL wrapperClosedActions
Actions
Copy link
 #1 [ruby-core:71887]

Updated by ko1 (Koichi Sasada) over 8 years ago

  • Assignee set to 7150
Actions
Copy link
 #2

Updated by rhenium (Kazuki Yamaguchi) almost 8 years ago

  • Related to Bug #10497: OpenSSL Servers Do Not Support EC Certificates added
Actions
Copy link
 #3

Updated by rhenium (Kazuki Yamaguchi) almost 8 years ago

  • Related to Feature #11356: Add ECDH support to OpenSSL wrapper added
Actions
Copy link
 #4 [ruby-core:76228]

Updated by rhenium (Kazuki Yamaguchi) almost 8 years ago

  • Status changed from Open to Closed

ext/openssl didn't support ephemeral ECDH in server mode up until Ruby 2.3 (Feature #11356).

Actions
Copy link
 #5 [ruby-core:76711]

Updated by usa (Usaku NAKAMURA) over 7 years ago

  • Status changed from Closed to Rejected
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0