'No Shared Cipher' Error with EDH-RSA-DES-CBC3-SHA

Backend · Unresolved · 2 answers · 695 views
轮回少年 2021-01-12 22:31

I wanted to test a TLS 1.0 connection with the cipher EDH-RSA-DES-CBC3-SHA.

I tested with openssl s_server and s_client. Works fine. Connection and data exchange are fine.

2 answers
  •  执念已碎
    2021-01-12 23:06

    You need to create a DH object and set up the DH parameters for the SSL context ctx. To be more specific, setting the prime p and generator g is required once the DH object is allocated.

    One way to do that would be to use the example pseudo code below.

    Here dh512_p and dh512_g are the prime p and generator g respectively.

    #include <openssl/dh.h>
    #include <openssl/bn.h>

    /* Build a DH object from raw big-endian p and g. The lengths are passed explicitly:
     * sizeof() on a pointer parameter gives the pointer size, not the array size.
     * The DH struct is opaque since OpenSSL 1.1.0, so use DH_set0_pqg, not dh->p / dh->g. */
    DH *get_dh512(const unsigned char *dh512_p, size_t p_len,
                  const unsigned char *dh512_g, size_t g_len)
    {
        DH *dh = DH_new();
        if (dh == NULL) return NULL;
        BIGNUM *p = BN_bin2bn(dh512_p, (int)p_len, NULL);
        BIGNUM *g = BN_bin2bn(dh512_g, (int)g_len, NULL);
        /* DH_set0_pqg takes ownership of p and g on success; q may be NULL */
        if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
            BN_free(p);
            BN_free(g);
            DH_free(dh);
            return NULL;
        }
        return dh;
    }
    

    Then set up the parameters in your function using the callback

    /* if key exchange is based on Diffie-Hellman; dh512_p and dh512_g are arrays
     * in this scope, so sizeof gives their byte length */
    DH *dh = get_dh512(dh512_p, sizeof(dh512_p), dh512_g, sizeof(dh512_g));
    if (dh == NULL) { /* handle the error */ }
    SSL_CTX_set_tmp_dh(ctx, dh);   /* ctx keeps its own copy of the parameters */
    DH_free(dh);
    SSL_CTX_set_cipher_list(ctx, ciphers);
    
    

    Please look at the following link for callback details: http://linux.die.net/man/3/ssl_ctx_set_tmp_dh
