#1 2014-10-18 10:16:59

mieLouk
Member
Registered: 2012-12-16
Posts: 44

ECDHE or DHE OpenSSL cipher suites for webinterface

Hello,

after reading some of the quite confusing documentation from OpenSSL, the ArchWiki and googling a lot more, I acknowledge that I need some support.

A few years ago, I managed to generate a key and a self-signed certificate. Firefox used to connect to my webinterface with an SSL 3.0 AES 128-bit SHA1 cipher or with a Camellia 256. I attribute changes to the selection of the cipher suite to changes in FF. For a long time, I wanted to exchange the key and certificate, especially after the Heartbleed bugs were discovered. Now FF is refusing to connect to the webinterface with the error:
Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
Chromium is still connecting with the usual warning about the self-signed certificate, but it's not my favorite browser.

As I understand, when using Perfect Forward Secrecy it is not really necessary to have a verified certificate as to the nature of the key exchange.

Now the question arises of how to generate such a key (and cert?).
One of the ciphers mentioned here https://www.openssl.org/docs/apps/ciphers.html under TLS v1.2 cipher suites should be a suitable candidate (ephemeral Diffie-Hellman?). But how to generate it with OpenSSL (dh, dhparam, genpkey, pkeyparam)?

Any help, support or hint on where to find suitable (for me understandable) documentation, would be very much appreciated.

Last edited by mieLouk (2014-10-18 10:25:27)
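An added example, not part of the post or of any reply, showing the OpenSSL commands that actually correspond to the question. Two points worth separating: the ephemeral (EC)DH key of an ECDHE/DHE suite is created by the server for every handshake and is never generated by hand; what you generate in advance is the long-lived certificate key (RSA for ECDHE-RSA/DHE-RSA suites, an EC key for ECDHE-ECDSA suites) that signs the handshake and therefore still authenticates the server even with forward secrecy, plus, for DHE suites only, a set of DH group parameters with `dhparam`. All file names, the directory argument and the `webinterface.example` subject are hypothetical.

```shell
#!/bin/sh
# Added example (not from the forum post). Assumes the openssl CLI is installed.
set -eu

# Generate a P-256 EC private key and a self-signed certificate for it.
# This is the key ECDHE-ECDSA-* suites use to sign the handshake; the
# ephemeral ECDH key itself is produced by the server per connection.
make_ec_cert() {
    dir=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem"
    openssl req -new -x509 -key "$dir/key.pem" -out "$dir/cert.pem" \
        -days 365 -subj "/CN=webinterface.example" 2>/dev/null
}

# DHE-* suites additionally need Diffie-Hellman group parameters on the
# server. 2048 bits is the floor worth using; generation takes a while.
make_dh_params() {
    openssl dhparam -out "$1/dhparams.pem" 2048 2>/dev/null
}

# Print the named curve of the generated key (e.g. "prime256v1").
key_curve() {
    openssl ec -in "$1/key.pem" -noout -text 2>/dev/null | sed -n 's/.*ASN1 OID: //p'
}

# Count the suites in this OpenSSL build matching a cipher string.
# "!aNULL" strips anonymous DH, which does forward secrecy but no
# authentication at all, so any peer could impersonate the server.
count_suites() {
    openssl ciphers "$1:!aNULL" | tr ':' '\n' | grep -c .
}

# List the distinct key-exchange algorithms (Kx=...) behind a cipher string,
# handy for seeing which suites are really ephemeral.
kx_of_suites() {
    openssl ciphers -v "$1:!aNULL" | awk '{print $3}' | sort -u | tr '\n' ' '
}

# Check what a running server negotiates when only ECDHE suites are offered.
# Not run in the test; needs a reachable host:port.
check_server() {
    printf '' | openssl s_client -connect "$1" -cipher ECDHE 2>/dev/null \
        | grep -E '^(Protocol|Cipher)'
}
```

Usage: `d=$(mktemp -d); make_ec_cert "$d"; make_dh_params "$d"` produces `key.pem`, `cert.pem` and `dhparams.pem` for the web server configuration, and `kx_of_suites ECDHE` shows which suites in the local build use ephemeral key exchange. The self-signed certificate still has to be accepted (or pinned) by the browser: forward secrecy protects past sessions if the key leaks later, but it does not replace the authentication the certificate provides.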
