From: weeks@...
Date: 2015-11-25T06:39:34+00:00
Subject: [ruby-core:71678] [Ruby trunk - Bug #11739] [Open] OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites

Issue #11739 has been reported by Branodn Weeks.

----------------------------------------
Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites
https://bugs.ruby-lang.org/issues/11739

* Author: Branodn Weeks
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
I'm trying to configure an instance of OpenSSL::SSL::SSLServer that supports Elliptic curve Diffie���Hellman. No matter what combination of Ruby and OpenSSL versions I try the negotiation with the client fails. 

Proof of concept:
https://gist.github.com/brandonweeks/e26414cc1e9eea9453a8

Then run:
>openssl s_client -connect localhost:8443

Also attaching a pcap file of the failed handshake.


---Files--------------------------------
tls_handshake.pcap (4.93 KB)


-- 
https://bugs.ruby-lang.org/