--0-1835260441-1161080658=:37658
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Marek,
=20
Thanks for your advice.
I've done a check and these are the ciphers installed:
AECDH-AES256-SHA
AECDH-AES128-SHA
AECDH-DES-CBC3-SHA
AECDH-RC4-SHA
AECDH-NULL-SHA
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
ECDHE-RSA-NULL-SHA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES128-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-RSA-RC4-SHA
ECDH-RSA-NULL-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-DES-CBC3-SHA
ECDHE-ECDSA-RC4-SHA
ECDHE-ECDSA-NULL-SHA
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-DES-CBC3-SHA
ECDH-ECDSA-RC4-SHA
ECDH-ECDSA-NULL-SHA
=20
My apologies on the long listing but I didn't want to leave out any imp=
t info.
I've tested with 2 ECC certs, 1 with secp160r1 and the other with c2pnb=
163v3.
But I still getting the same handshake failure error with this amended =
commandpenssl s_client -cipher ECCdraft -connect localhost:443.
=20
I was thinking my existing ciphers already do support so I can't find wha=
t's amiss.
=20
Thanks in advance!!!
Marek Marcola wrote:
Hello,
> I've generated ECC cert using openssl and was testing with the
> command:
> openssl s_client -connect localhost:443.
> Error was encountered:
> 2028:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:.\ssl\s23_clnt.c:562:
> Anyone has a idea what the error could mean?
> I can't be sure whether it's a server or a ECC cert issue?
> All advice would be appreciated.
> Thanks in advance!

ECC ciphers are not default, add -cipher ECCdraft to s_client/s_server
to enable this ciphers. Check that your installation supports
ECC ciphers too:
$ openssl ciphers -v ECCdraft

Best regards,
--=20
Marek Marcola=20

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org


=09
---------------------------------
=20
Real people. Real questions. Real answers. Share what you know.
--0-1835260441-1161080658=:37658
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Marek,
 
Thanks for your advice. v>
I've done a check and these are the ciphers installed:
iv>AECDH-AES256-SHA
AECDH-AES128-SHA
AECDH-DES-CB=
C3-SHA
AECDH-RC4-SHA
AECDH-NULL-SHA
E=
CDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RS=
A-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
ECDHE-RSA-NULL-S=
HA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES128-SHA
=
ECDH-RSA-DES-CBC3-SHA
ECDH-RSA-RC4-SHA
ECDH=
-RSA-NULL-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-=
AES128-SHA
ECDHE-ECDSA-DES-CBC3-SHA
ECDHE-ECDSA-R=
C4-SHA
ECDHE-ECDSA-NULL-SHA
ECDH-ECDSA-AES256-SHA=
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-DES-CBC3-SHA iv>
ECDH-ECDSA-RC4-SHA
ECDH-ECDSA-NULL-SHA
=
 
My apologies on the
long listing but I didn't want to leave out any impt info.
I=
've tested with 2 ECC certs, 1 with secp160r1 and the other wit=
h c2pnb163v3.
But I still getting the same handshake failure =
error with this amended commandpenssl s_client -cipher ECCdraft -connec=
t localhost:443.

I was thinking my existing ciphers alrea=
dy do support so I can't find what's amiss.
 
v>Thanks in advance!!!
Marek Marcola <Marek.Marcola@malkom.pl=
>
wrote:
FT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Hello,
>=
I've generated ECC cert using openssl and was testing with the
> c=
ommand:
> openssl s_client -connect localhost:443.
> Error wa=
s encountered:
> 2028:error:14077410:SSL routines:SSL23_GET_SERVER_=
HELLO:sslv3 alert
> handshake failure:.\ssl\s23_clnt.c:562:
>=
Anyone has a idea what the error could
mean?
> I can't be sure whether it's a server or a ECC cert issue?=

> All advice would be appreciated.
> Thanks in advance!
E=
CC ciphers are not default, add -cipher ECCdraft to s_client/s_server
=
to enable this ciphers. Check that your installation supports
ECC ciph=
ers too:
$ openssl ciphers -v ECCdraft

Best regards,
--
=
Marek Marcola

__________________________=
____________________________________________
OpenSSL Project http://ww=
w.openssl.org
User Support Mailing List openssl-users@openssl.org
A=
utomated List Manager majordomo@openssl.org



//sg.yimg.com/i/sg/answers/yanswers_footer.gif" height=3D65 width=3D346><=
/a>
=20
Real people. Real questions. Real answers. =
Share what you know<=
/font>.
--0-1835260441-1161080658=:37658--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org