I'm scratching my head here... I'm trying to connect to an SSL server with a full EC chain using a JSS SSLSocket.

Using NSS 3.12.2 libs taken from my Firefox 3.0.6 install I get:
org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-5978) Network file descriptor is not connected.

I can hit the site from the Firefox install I grabbed the libs from, and using ssltap I found out it negotiated TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA. I made sure this cipher was enabled in JSS for the socket.

Using NSS 3.12.2 RTM or NSS 3.11.4 RTM, I get:
org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-12286) Cannot communicate securely with peer: no common encryption algorithm(s).

I just built 3.12.2 and used NSS_ENABLE_ECC; 3.11.4 appears to have the extended suite enabled, as it has *all* the curves listed in certutil -H output.

Stepping back and eliminating JSS, I get similar errors if I use NSS's command line SSL clients directly:

NSS 3.12.2:
tstclnt -h ecserver -p 9443 -d .
tstclnt: read from socket failed: Cannot communicate securely with peer: no common encryption algorithm(s).

NSS 3.11.4:
client -d . -p 9443 ecserver
Launched thread in slot 0
Error in function PR_Write: -12286
- Cannot communicate securely with peer: no common encryption algorithm(s).
Error in function handle_connection: -12286
- Cannot communicate securely with peer: no common encryption algorithm(s).
Thread in slot 0 returned -1

Interestingly, with the Firefox 3.12.2 NSS libs (and the 3.12.2 command line tools), tstclnt sits in a loop of the following and never exits:
tstclnt: about to call PR_Poll !
tstclnt: PR_Poll returned!
tstclnt: PR_Poll returned 0x00 for stdin out_flags.
tstclnt: PR_Poll returned 0x01 for socket out_flags.
tstclnt: PR_Poll returned 0x01 for socket out_flags.
tstclnt: Read from server -1 bytes
tstclnt: about to call PR_Poll !
tstclnt: PR_Poll returned!
tstclnt: PR_Poll returned 0x00 for stdin out_flags.
tstclnt: PR_Poll returned 0x01 for socket out_flags.
tstclnt: PR_Poll returned 0x01 for socket out_flags.
tstclnt: Read from server -1 bytes
tstclnt: about to call PR_Poll !

Thanks,
Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
