From: k@...
Date: 2016-07-02T07:41:20+00:00
Subject: [ruby-core:76228] [Ruby trunk Bug#11739][Closed] OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites

Issue #11739 has been updated by Kazuki Yamaguchi.

Status changed from Open to Closed

ext/openssl didn't support ephemeral ECDH in server mode up until Ruby 2.3 (Feature #11356).

----------------------------------------
Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites
https://bugs.ruby-lang.org/issues/11739#change-59460

* Author: Branodn Weeks
* Status: Closed
* Priority: Normal
* Assignee: openssl
* ruby -v: 
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
I'm trying to configure an instance of OpenSSL::SSL::SSLServer that supports Elliptic curve Diffie���Hellman. No matter what combination of Ruby and OpenSSL versions I try the negotiation with the client fails. 

Proof of concept:
https://gist.github.com/brandonweeks/e26414cc1e9eea9453a8

Then run:
>openssl s_client -connect localhost:8443

Also attaching a pcap file of the failed handshake.


---Files--------------------------------
tls_handshake.pcap (4.93 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>