I am trying to set up a secure connection with OpenSSL between a client and a server that I wrote.
When I try to select the cipher suite to use, I call SSL_CTX_set_cipher_list(ctx, ECDH-ECDSA-AES18-GCM-SHA256), and I do this on both the client and the server.
But when I check with get_cipher_list, the cipher at priority level 0 is ECDH-RSA-AES128-GCM-SHA256 (notice the use of RSA instead of ECDSA), with ECDH-ECDSA-AES18-GCM-SHA256 only appearing at level 1.
Both client and server have ECDSA keys in certificates signed by an ECDSA CA.
I now have several questions:
- Where does the suite with RSA come from? Neither the server nor the client selected it as a possible cipher.
- Is it possible to have the ECDSA suite at priority 0?
- More troubling: when I call SSL_get_cipher(ssl), it indicates that the actual cipher used is the one with RSA. However, I was able to communicate between client and server. How is that possible if they don't have an RSA certificate?
- Then, how can I be sure that the traffic is effectively encrypted?
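Added example, not part of the original post: it uses Python's ssl module (a thin wrapper over the same OpenSSL calls, SSL_CTX_set_cipher_list and get_cipher_list) to show exactly which suites OpenSSL enables for a cipher string, which one sits at priority 0, and whether any enabled suite authenticates with something other than ECDSA. It assumes the cipher string ECDHE-ECDSA-AES128-GCM-SHA256 as a stand-in for the post's static-ECDH string, because OpenSSL 1.1.0 and later no longer ship static ECDH suites.

```python
import re
import ssl

# Matches the "Kx=... Au=..." fields of OpenSSL's SSL_CIPHER_description() output,
# which Python exposes as the "description" entry of SSLContext.get_ciphers().
_KX_AU = re.compile(r"Kx=(\S+)\s+Au=(\S+)")


def expanded_ciphers(cipher_string):
    """Return the suites OpenSSL actually enables for a cipher string, in priority order.

    Each entry holds the suite name, protocol version, key exchange (Kx) and
    certificate-authentication method (Au). A string that matches nothing raises
    ssl.SSLError, just as SSL_CTX_set_cipher_list() returns 0 in C.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)        # same call as SSL_CTX_set_cipher_list()
    rows = []
    for c in ctx.get_ciphers():          # same order as get_cipher_list(): priority 0 first
        m = _KX_AU.search(c["description"])
        kx, au = (m.group(1), m.group(2)) if m else ("?", "?")
        rows.append({"name": c["name"], "protocol": c["protocol"], "kx": kx, "au": au})
    return rows


def first_choice(rows):
    """Name of the suite at priority 0, i.e. the one OpenSSL offers or prefers first."""
    return rows[0]["name"] if rows else None


def unexpected_auth(rows, expected_au):
    """Suites whose authentication method differs from the expected one (e.g. "ECDSA").

    TLS 1.3 suites are reported with Au=any because the signature algorithm is
    negotiated separately from the suite, so they are skipped rather than flagged.
    """
    return [r["name"] for r in rows if r["au"].lower() != "any" and r["au"] != expected_au]


if __name__ == "__main__":
    # Assumed cipher string (see lead-in); swap in your own to audit it the same way.
    rows = expanded_ciphers("ECDHE-ECDSA-AES128-GCM-SHA256")
    for r in rows:
        print(f'{r["name"]:40} {r["protocol"]:8} Kx={r["kx"]} Au={r["au"]}')
    print("priority 0:", first_choice(rows))
    print("not ECDSA-authenticated:", unexpected_auth(rows, "ECDSA"))
```

On OpenSSL 1.1.1 and later the TLS 1.3 suites appear first in this list regardless of the cipher string, which is why priority 0 may not be the suite you named. The per-connection equivalent of SSL_get_cipher(ssl) is SSLSocket.cipher(), which is only meaningful after the handshake has completed.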