On 24/11/16 00:56, Torsten Tributh wrote: >
>
> On 11/22/2016 10:55 PM, Jeremy Harris wrote:
>> So I guess there's some other difference apart from an EC curve being
>> defined (mine had the variable unset, so got the default prime256v1).
>>
>> Could you enable debug on yours and see where the output goes
>> significantly different? >31552 Initialized TLS
>31552 required ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
So you're requiring certain ciphers where I'm not, and mine works.
What happens if you don't do that?
Alternatively, can you get a packet capture of the connection attempt,
and (my preference is wireshark) look at the list of ciphers offered
by your test client - and compare with your server config of required
ciphers?
--
Cheers,
Jeremy