Ping a Specific Port

Question

Isaac Kwan

Asked: 2012-07-07 20:46:14 +0800 CST2012-07-07 20:46:14 +0800 CST 2012-07-07 20:46:14 +0800 CST

Does software utilizing OpenSSL needs to be specially compiled for ECDSA support?

772

I am attempting to configure my Apache Traffic Server to use ECDSA cert/key. However, I got the following error message when connecting with openssl s_client

 routines:SSL23_GET_SERVER_HELLO:sslv 3 alert handshake

and if I attempt to connect it directly with Firefox I am prompted that no common cipher is available.

I am pretty sure that the certs/keys are generated correctly as I was able to establish a connection with the same cert/key with openssl s_server and openssl s_client.

So that makes me wondering if I need to compile ATS specially to make use of ECDSA certificates.

1 Answers

Voted

Isaac Kwan · Answer 1 · 2012-07-08T09:01:54+08:00

Isaac Kwan

2012-07-08T09:01:54+08:002012-07-08T09:01:54+08:00

Sounds like yes.

A quick Googling turns out this post which pointed out that "this requires elliptic curve to be specified to use for ephemeral ECDH keys" and thus if you are going to use a ECDSA, you will need the software to specially support it.

1

Does software utilizing OpenSSL needs to be specially compiled for ECDSA support?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?