[stunnel-users] using ECDH with stunnel

Michal Trojnara Michal.Trojnara at mirt.net
Thu Feb 11 18:27:38 CET 2010


Carl wrote:
> Is it possible to use ECDH with stunnel?
> 
> When using s_server and specifying the cipher I can establish a
> connection. But when using stunnel and specifying the same cipher, the
> connection is rejected with "no shared cipher".

You are correct.  Stunnel currently does not generate temporary ECDH keys
with the EC_KEY_new_by_curve_name() function.

It should be possible to provide ECDH parameters with a certificate
instead:
http://www.openssl.org/docs/apps/req.html
It's probably also a better choice for performance, as key generation could
be a CPU-intensive operation.

What do you think?

Best regards,
Mike
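
The certificate route suggested in the reply above, as an added example that is not part of the original post or of stunnel: it generates a self-signed certificate with an EC key through `openssl req` and checks what the certificate carries. The curve `prime256v1`, the subject name and the file names are assumptions.

```shell
#!/bin/sh
# Added example: build a self-signed certificate with an EC key via `openssl req`.
# Curve, subject and file names are assumptions, not values from the post.

# make_ec_cert DIR [CURVE] -> writes ecparam.pem, key.pem and cert.pem in DIR
make_ec_cert() {
    dir=$1
    curve=${2:-prime256v1}
    # Named-curve parameters: the group the certificate's key lives in.
    openssl ecparam -name "$curve" -out "$dir/ecparam.pem" || return 1
    # -newkey ec:FILE generates a key on that curve; -x509 self-signs it.
    openssl req -new -x509 -nodes -days 365 \
        -newkey "ec:$dir/ecparam.pem" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=stunnel.example.test" 2>/dev/null || return 1
    # The private key is written unencrypted (-nodes), so restrict access.
    chmod 600 "$dir/key.pem"
}

# cert_key_info CERT -> prints the key algorithm and curve lines of CERT
cert_key_info() {
    openssl x509 -in "$1" -noout -text |
        grep -E 'Public Key Algorithm|ASN1 OID' | sed 's/^ *//'
}

# key_matches_cert KEY CERT -> exit status 0 when both hold the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

# Demonstration run in a throwaway directory.
demo_dir=$(mktemp -d)
make_ec_cert "$demo_dir" prime256v1
cert_key_info "$demo_dir/cert.pem"
key_matches_cert "$demo_dir/key.pem" "$demo_dir/cert.pem" && echo "key matches certificate"
rm -rf "$demo_dir"
```

With fixed ECDH cipher suites the certificate's key is reused for every handshake, which avoids per-connection key generation but gives no forward secrecy.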


