[stunnel-users] Problem Selecting Only Ecliptic Curve Ciphers

Janusz Dziemidowicz rraptorr at nails.eu.org
Wed Aug 7 23:03:42 CEST 2013

2013/8/7 Carter Browne <brownec at attglobal.net>:
> I'm using stunnel 4.56 on Windows 7.  When I use the following cipher list:
> ciphers =
> to establish a connection, I get a "no shared cipher" response.
> The following set of ciphers does work:
> ciphers =
> Other relevant settings:
> options = NO_SSLv2
> sslVersion = all
> fips = no
> verify = 2
> If I take out the first ECDHE-RSA-ASE256-SHA cipher from the list, the
> ECDHE-RSA-AES128-SHA cipher is selected.
> What am I doing wrong?

To be able to use any of the ECDSA cipher suites you obviously must
have ECDSA certificate. If you have only RSA certificate you cannot
use any ECDSA cipher suites. As far as I know no CA will sell you
ECDSA certificate currently. Unless you run your own CA you must use
RSA to achieve any compatibility.

Janusz Dziemidowicz

More information about the stunnel-users mailing list