Oh,
And when I tried with
openssl s_server -cipher ECCdraft -cert ecc.crt -key ecc.key -www
the errors I get:
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
1132:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1057:SSL alert number 40
1132:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:.\ssl\s23_lib.c:142:
ACCEPT
accept error 10004

Does that mean my ecc cert has some issues?
I've generated them using these commands:
1) openssl ecparam -genkey -name secp160r1 -out ecc.pem
2) openssl req -new -key ecc.pem -out ecc.csr
3) openssl ec -in ecc.pem -out ecc.key
4) openssl x509 -in ecc.csr -out ecc.crt -req -signkey ecc.key -days 7

Anything suspicious?

Thanks in advance!!!

IT Professional wrote:
Hi Marek,

Thanks for your advice.
I've done a check and these are the ciphers installed:
AECDH-AES256-SHA
AECDH-AES128-SHA
AECDH-DES-CBC3-SHA
AECDH-RC4-SHA
AECDH-NULL-SHA
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
ECDHE-RSA-NULL-SHA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES128-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-RSA-RC4-SHA
ECDH-RSA-NULL-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-DES-CBC3-SHA
ECDHE-ECDSA-RC4-SHA
ECDHE-ECDSA-NULL-SHA
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-DES-CBC3-SHA
ECDH-ECDSA-RC4-SHA
ECDH-ECDSA-NULL-SHA

My apologies on the long listing but I didn't want to leave out any important info.
I've tested with 2 ECC certs, 1 with secp160r1 and the other with c2pnb163v3.
But I'm still getting the same handshake failure error with this amended command:
openssl s_client -cipher ECCdraft -connect localhost:443

I was thinking my existing ciphers already do support so I can't find what's amiss.

Thanks in advance!!!

Marek Marcola wrote:
Hello,
> I've generated ECC cert using openssl and was testing with the
> command:
> openssl s_client -connect localhost:443.
> Error was encountered:
> 2028:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:.\ssl\s23_clnt.c:562:
> Anyone has an idea what the error could mean?
> I can't be sure whether it's a server or an ECC cert issue?
> All advice would be appreciated.
> Thanks in advance!

ECC ciphers are not default, add -cipher ECCdraft to s_client/s_server
to enable these ciphers. Check that your installation supports
ECC ciphers too:
$ openssl ciphers -v ECCdraft

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
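
The error lines quoted in this thread carry a packed hex code that shows whether a failure was raised locally or arrived as an alert from the peer. The decoder below is an added example, not part of any message in the thread and not OpenSSL code; decode() and describe() are names made up here, and it assumes the error-code packing used by OpenSSL releases before 3.0.

```python
import re

# Error-queue layout in OpenSSL releases before 3.0 (the ones that print
# function names such as SSL3_READ_BYTES): lib << 24 | func << 12 | reason.
ERR_LIB_SSL = 0x14
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are 1000 + alert number
ALERT_NAMES = {40: "handshake_failure"}  # only the alert seen in this thread

LINE_RE = re.compile(r"^(\d+):error:([0-9A-Fa-f]{8}):(.*)$")

# Lines copied from the thread, with the mail wrapping rejoined.
THREAD_LINES = [
    r"1132:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1057:SSL alert number 40",
    r"1132:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:.\ssl\s23_lib.c:142:",
    r"2028:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:.\ssl\s23_clnt.c:562:",
]

def decode(line):
    """Split one error line into its packed fields; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code = int(m.group(2), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    # Text fields: library name, function name, reason string, then file:line.
    fields = (m.group(3).split(":", 3) + ["", "", ""])[:3]
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # alert number received from the peer
    return {"lib": lib, "func": func, "reason": reason,
            "function": fields[1], "text": fields[2], "peer_alert": alert}

def describe(line):
    """One-line summary saying which side reported the failure."""
    d = decode(line)
    if d is None:
        return "not an OpenSSL error line"
    if d["peer_alert"] is not None:
        name = ALERT_NAMES.get(d["peer_alert"], "unknown")
        return f"{d['function']}: peer sent alert {d['peer_alert']} ({name})"
    return f"{d['function']}: reason {d['reason']} raised locally ({d['text']})"

if __name__ == "__main__":
    for entry in THREAD_LINES:
        print(describe(entry))
```
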
