-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to use ECDHE-ECDSA-AES128-SHA256 cipher suite with Restbed #86
Comments
Please present the commands used to generate certificates/parameters.
Whats the client command used, whats the output of the client command? |
The commands were:
|
What is the outcome from |
@markelkins I must mention that your organisation looks very security focused. Please understand that Restbed is not currently working off the latest version of OpenSSL and 4.0 is on hold until ASIO has merged a pending PR. If your organisation proceeds with commercial licensing we will reiterate this matter, if it remains unresolved. |
@ben-crowhurst I appreciate the warning. For now we are just building a server to test some other products we are working on. If we decide to commercialize our server work, we will definitely need to have more discussion with you. |
Did this succeed? I looked up Just to be certain, it might be worth trying with |
Okay, so I've finally cracked this beast of a problem but I'm not sure that the fix belongs solely in Restbed's codebase. It's a flaw with Boost's ASIO SSL wrapper as well, because it doesn't contain mechanisms to support ECDHE. Essentially, it's missing the necessary ASIO API to invoke the equivalent of: I have a hack fix in place that I've tested as working, but I need to figure out how to integrate it properly. I think this will impact any & all algorithms that rely on ECDHE, not just the cipher mentioned in this issue. |
Please share the "hack", and great work 👍 |
So essentially, restbed needs to implement a wrapper around the new ASIO function (from pull request above) in the SSL settings context and use it service_impl.cpp. I've actually got a working wrapper implemented that I used to test ASIO - just need to clean it up a bit. |
This issue will be resolved with the 5.0 release, allowing any socket layer to be inserted into the framework. Public beta branch will be available July 2017. |
This will finally be possible July 2021. We will expose a NetworkAdaptor interface that will enable OpenSSL, LibreSSL or any other such functionality. |
I need to use HTTPS with the ECDHE-ECDSA-AES128-SHA256 cipher suite, but I cannot seem to get Restbed to use this cipher suite. The error I get is "no shared cipher" when I connect using cURL and specify the cipher suite above. I have configured the server to use a ECC secp256p1 keypair. Any thoughts on how to get this working? I'm working on Darwin 10.3.
For reference here is the code I have so far for the server:
Here are the key files I am using. (Don't worry, they are only temporary keys.)
ec_privkey.pem
server.crt
The text was updated successfully, but these errors were encountered: