kunal

Reputation: 966

No server certificate and "no shared cipher" when clients connect

I am writing an SSL server and client for communication. I have the following code for the server:

SSL_CTX* InitServerCTX(void)
{
    SSL_METHOD *method;
    SSL_CTX *ctx;
    SSL_library_init();
    OpenSSL_add_all_algorithms();        /* load & register all cryptos, etc. */
    SSL_load_error_strings();

    ERR_load_crypto_strings();
    OpenSSL_add_all_ciphers();

    ctx = SSL_CTX_new(SSLv23_server_method());            /* Create new context */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM:!eNULL:!aNULL:!RC4");

    return ctx;
}

After this, the code for accept is:

int client = accept(server, (sockaddr*)&addr, &len);       /* accept connection as usual */
printf("Connection: %s:%d\n",
       inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
ssl = SSL_new(ctx);                            /* get new SSL state with context */
SSL_set_fd(ssl, client);
int ret = SSL_accept(ssl);

And here is the client code

SSL_CTX* InitCTX(void)
{   
    SSL_METHOD *method;
    SSL_CTX *ctx;
    SSL_library_init();
    OpenSSL_add_all_algorithms();       /* Load cryptos, et.al. */
    SSL_load_error_strings();           /* Bring in and register error messages */
    ctx = SSL_CTX_new(SSLv23_client_method());          /* Create new context */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM:!eNULL:!aNULL:!RC4");
    return ctx;
}

For connecting it is

ssl = SSL_new(ctx);                     /* create new SSL connection state */
SSL_set_fd(ssl, server);                /* attach the socket descriptor */
int ret = SSL_connect(ssl) ;

I am not using any certificates or keys.

When I try to connect using this approach, I get a "no shared ciphers" error on the server side. I think this is some configuration issue with respect to the ciphers. Can someone please point me in the right direction?

Thanks

Upvotes: 1

Views: 1523

Answers (1)

Steffen Ullrich

Reputation: 123380

> SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM:!eNULL:!aNULL:!RC4");
>
> I am not using any certificates or keys.

Since you use neither certificates nor SRP, the only possible ciphers are those where no authentication of the server is done. But you explicitly excluded these ciphers with !aNULL in both client and server. This means that none of the ciphers offered by the client or accepted by the server can work without authentication, which results in "no shared ciphers". From the documentation of ciphers:

aNULL
the cipher suites offering no authentication. This is currently the anonymous DH algorithms. These cipher suites are vulnerable to a "man in the middle" attack and so their use is normally discouraged.

Upvotes: 4
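The diagnosis in the answer above can be reproduced offline. This is an added example, not code from the question or the answer: it uses Python's ssl module, which wraps the same OpenSSL library and accepts the same cipher string, and it caps the handshake at TLS 1.2 so the cipher list from the question is the one being negotiated. The function names are assumptions made for this example.

```python
import ssl

CIPHERS = "HIGH:MEDIUM:!eNULL:!aNULL:!RC4"  # cipher string from the question


def make_contexts():
    """Server and client contexts configured like the question: no certificate, no key."""
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # load_cert_chain() is never called
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client.check_hostname = False      # the question's client does no verification
    client.verify_mode = ssl.CERT_NONE
    for ctx in (server, client):
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers(CIPHERS)
    return server, client


def anonymous_suites(ctx):
    """Names of enabled suites that do no server authentication (Au=None)."""
    return [c["name"] for c in ctx.get_ciphers() if "Au=None" in c["description"]]


def handshake_error(server_ctx, client_ctx):
    """Feed the client's ClientHello to the server in memory; return the error reason."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass                           # ClientHello is now waiting in c_out
    s_in.write(c_out.read())
    try:
        server.do_handshake()
    except ssl.SSLWantReadError:
        return None                    # server accepted the hello and wants more data
    except ssl.SSLError as exc:
        return exc.reason
    return None


if __name__ == "__main__":
    srv, cli = make_contexts()
    print("anonymous suites enabled on server:", anonymous_suites(srv))
    print("server handshake result:", handshake_error(srv, cli))
```

Every suite left after `!aNULL` needs a server certificate, so a server context without one has nothing it can select.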
