[stunnel-users] Problem Selecting Only Ecliptic Curve Ciphers

Janusz Dziemidowicz rraptorr at nails.eu.org
Wed Aug 7 23:03:42 CEST 2013


2013/8/7 Carter Browne <brownec at attglobal.net>:
> I'm using stunnel 4.56 on Windows 7.  When I use the following cipher list:
>
> ciphers = ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
>
> to establish a connection, I get a "no shared cipher" response.
>
> The following set of ciphers does work:
>
> ciphers = ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
>
> Other relevant settings:
>
> options = NO_SSLv2
> sslVersion = all
> fips = no
> verify = 2
>
> If I take out the first ECDHE-RSA-AES256-SHA cipher from the list, the
> ECDHE-RSA-AES128-SHA cipher is selected.
>
> What am I doing wrong?

To be able to use any of the ECDSA cipher suites you obviously must
have an ECDSA certificate. If you have only an RSA certificate you cannot
use any ECDSA cipher suites. As far as I know no CA will sell you
an ECDSA certificate currently. Unless you run your own CA you must use
RSA to achieve any compatibility.

-- 
Janusz Dziemidowicz
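
Added example (not part of the original message, and not stunnel or OpenSSL code): a simplified Python model of the RFC 4492 certificate requirements for the suite names in this thread, showing which entries a server can offer with a given certificate. The table and function names are hypothetical, and the client's own cipher preferences are ignored.

```python
# Added example: a simplified model of the RFC 4492 certificate rules.
# It is not stunnel or OpenSSL code; all names here are hypothetical.

# suite prefix -> (public key type the server certificate must carry,
#                  algorithm the certificate must be signed with, or None)
REQUIREMENTS = {
    "ECDHE-RSA": ("RSA", None),     # ephemeral ECDH, exchange signed with the RSA key
    "ECDHE-ECDSA": ("EC", None),    # ephemeral ECDH, exchange signed with the EC key
    "ECDH-RSA": ("EC", "RSA"),      # static ECDH key in an RSA-signed certificate
    "ECDH-ECDSA": ("EC", "ECDSA"),  # static ECDH key in an ECDSA-signed certificate
}


def requirement_for(suite):
    """Return the (key type, signature) requirement for an OpenSSL suite name."""
    for prefix, req in REQUIREMENTS.items():
        if suite.startswith(prefix + "-"):
            return req
    raise ValueError("suite not covered by this model: " + suite)


def usable_suites(cipher_list, cert_key, cert_sig):
    """Filter a colon-separated cipher list down to what the certificate allows."""
    usable = []
    for suite in cipher_list.split(":"):
        need_key, need_sig = requirement_for(suite)
        if cert_key == need_key and need_sig in (None, cert_sig):
            usable.append(suite)
    return usable


# Cipher lists copied from the thread.
ECDSA_ONLY = ("ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:"
              "ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-SHA")
MIXED = ("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:"
         "ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
         "ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA")

if __name__ == "__main__":
    # Assumed setup: an RSA key in a certificate signed with RSA.
    print(usable_suites(ECDSA_ONLY, "RSA", "RSA"))  # empty: "no shared cipher"
    print(usable_suites(MIXED, "RSA", "RSA"))       # only the ECDHE-RSA entries
    # An EC key in an ECDSA-signed certificate makes the first list usable.
    print(usable_suites(ECDSA_ONLY, "EC", "ECDSA"))
```

In this model the ECDH-RSA entries are also unavailable with an RSA-key certificate, because they need an EC key in the certificate; that matches ECDHE-RSA-AES128-SHA being the next suite selected in the report above.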


