No server certificate and “no shared cipher” when clients connect

六眼飞鱼酱① submitted on 2019-12-11 05:55:26

Question


I am writing an SSL server and client for communication. I have the following code for the server:

SSL_CTX* InitServerCTX(void)
{
    SSL_METHOD *method;
    SSL_CTX *ctx;
    SSL_library_init();
    OpenSSL_add_all_algorithms();        /* load & register all cryptos, etc. */
    SSL_load_error_strings();

    ERR_load_crypto_strings();
    OpenSSL_add_all_ciphers();

    ctx = SSL_CTX_new(SSLv23_server_method());            /* Create new context */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM:!eNULL:!aNULL:!RC4");

    return ctx;
}

After this the code for accept is

 int client = accept(server, (sockaddr*)&addr, &len);       /* accept  connection as usual */
 printf("Connection: %s:%d\n",
 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
 ssl = SSL_new(ctx);                            /* get new SSL state with context */
 SSL_set_fd(ssl, client);
 int ret = SSL_accept(ssl); 

And here is the client code

SSL_CTX* InitCTX(void)
{   
    SSL_METHOD *method;
    SSL_CTX *ctx;
    SSL_library_init();
    OpenSSL_add_all_algorithms();       /* Load cryptos, et.al. */
    SSL_load_error_strings();           /* Bring in and register error messages */
    ctx = SSL_CTX_new(SSLv23_client_method());          /* Create new context */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM:!eNULL:!aNULL:!RC4");
    return ctx;
}

For connecting it is

ssl = SSL_new(ctx);                     /* create new SSL connection state */
SSL_set_fd(ssl, server);                /* attach the socket descriptor */
int ret = SSL_connect(ssl) ;

I am not using any certificates or keys.

When I try to connect using this approach, I am getting a "no shared ciphers" error on the server side. I think this is some configuration issue with respect to the ciphers. Can someone please point me in the right direction?

Thanks


Answer 1:


 SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM:!eNULL:!aNULL:!RC4");

I am not using any certificates or keys.

Since you neither use certificates nor SRP, the only possible ciphers are thus those where no authentication of the server is done. But you did explicitly exclude these ciphers with !aNULL in both client and server. This means that none of the ciphers offered by the client or accepted by the server is able to work with no authentication, which results in "no shared ciphers". From the documentation of ciphers:

aNULL
the cipher suites offering no authentication. This is currently the anonymous DH algorithms. These cipher suites are vulnerable to a "man in the middle" attack and so their use is normally discouraged.
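
The failure explained in the answer can be reproduced without a network, here with Python's ssl module (a wrapper over OpenSSL) instead of the C API used in the question. This is an added example, not code from the original post; the helper names and the hostname server.example are assumptions made for illustration.

```python
import ssl

CIPHERS = "HIGH:MEDIUM:!eNULL:!aNULL:!RC4"  # cipher string from the question


def make_ctx(protocol):
    """Context set up like the question's code: cipher list set, no certificate loaded."""
    ctx = ssl.SSLContext(protocol)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS <= 1.2, where the cipher list applies
    ctx.set_ciphers(CIPHERS)
    return ctx


def auth_methods(ctx):
    """Authentication methods required by the TLS <= 1.2 suites enabled in ctx."""
    return {c["auth"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def server_handshake_error(server_ctx, client_ctx):
    """Pass the ClientHello to the server in memory; return the server's error reason."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    # server.example is a constructed hostname; no network traffic is generated.
    client = client_ctx.wrap_bio(c_in, c_out, server_side=False,
                                 server_hostname="server.example")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello is now waiting in c_out
    s_in.write(c_out.read())
    try:
        server.do_handshake()
    except ssl.SSLWantReadError:
        return None  # server accepted the hello and is waiting for more data
    except ssl.SSLError as exc:
        return exc.reason  # e.g. "NO_SHARED_CIPHER"
    return None


if __name__ == "__main__":
    server_ctx = make_ctx(ssl.PROTOCOL_TLS_SERVER)
    client_ctx = make_ctx(ssl.PROTOCOL_TLS_CLIENT)
    # Every enabled suite needs a credential (certificate, PSK or SRP); none is auth-null.
    print("auth required:", sorted(map(str, auth_methods(server_ctx))))
    print("server error:", server_handshake_error(server_ctx, client_ctx))
```

Loading a certificate and private key into the server context (load_cert_chain in Python, SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file in the C API) gives the server a credential for the authenticated suites, so the handshake can select one.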



Source: https://stackoverflow.com/questions/39569183/no-server-certificate-and-no-shared-cipher-when-clients-connect
