OpenSSL 1.1.0 s_server doesn't work with ecdsa certificate, but openssl 1.0.2 can work. Please give me some help. #5146

Closed
andylau004 opened this issue Jan 23, 2018 · 9 comments

andylau004 commented Jan 23, 2018

1. success situation

/usr/bin/openssl is 1.0.2

```
[root@localhost ec-ssl-crt]# openssl version -a
OpenSSL 1.0.2l 25 May 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
```

Test https server like this:

```
[root@localhost ec-ssl-crt]# openssl s_server -accept 443 -key ./ecdsa_mjvrv_linkdoodcn.key -cert ./ecdsa_mjvrv_linkdoodcn.crt
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALALAQABDArx9LfD7MN1BEP/s7wMHH0NAPWyNrbz1vHglicq0bM
wQ+FxyUe4azP+pS8cvA1KEOhBgIEWmcND6IEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AECDH-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283
Shared Elliptic curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283
CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
DONE
shutting down SSL
CONNECTION CLOSED
```

Test client: the handshake succeeds.
You can see the handshake cipher suite is: ECDHE-ECDSA-AES256-GCM-SHA384

2. failed situation

But when I use openssl 1.1 as the https server, it fails, so I don't know what I can do.

```
[root@localhost ec-ssl-crt]# /opt/openssl1.1/bin/openssl version -a
OpenSSL 1.1.0f 25 May 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
```

```
[root@localhost ec-ssl-crt]# /opt/openssl1.1/bin/openssl s_server -accept 443 -key ./ecdsa_mjvrv_linkdoodcn.key -cert ./ecdsa_mjvrv_linkdoodcn.crt -CAfile ./G1-ssl-ecdsa-cachain.pem
Using default temp DH parameters
ACCEPT
ERROR
140033221580608:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1404:
shutting down SSL
CONNECTION CLOSED
```

You can see the handshake failed,
and the test client output is: SSL_connect: sslv3 alert handshake failure

I have been searching for a long time on the net, but to no avail. Please help or try to give some ideas on how to achieve this.
Thanks in advance.

@mattcaswell
Member

Are you able to share the cert? Is this a "real" key and cert or a test one? If a test one can you also share the key? What can you tell us about the client here?

mattcaswell added this to the 1.1.1 milestone Jan 23, 2018

@andylau004
Author

server_crt_ec-ssl-crt.zip includes the cert, key and CAfile that the https s_server uses.
client_crt_key.zip includes the client key and crt.
Thank you for your help.

server_crt_ec-ssl-crt.zip
@mattcaswell ok.
client_crt_key.zip

@andylau004
Author

The test client command is:

```
openssl s_client -tls1_2 -connect 192.168.0.167:443 -cert ./ecdsa_306.crt -key ./ecdsa_306.key -CAfile ./G1-ssl-ecdsa-cachain.pem
```

@mattcaswell

@andylau004
Author

With the openssl 1.0.2 https s_server and the openssl 1.0.2 s_client, everything is OK,
but with the openssl 1.1.0 https s_server, everything fails.
@mattcaswell

@mattcaswell
Member

Your ECDSA certificate is slightly unusual.

```
$ openssl x509 -in ecdsa_mjvrv_linkdoodcn.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124 (0x7c)
    Signature Algorithm: ecdsa-with-SHA384
        Issuer: O = Beijing VRV Software Corporation Limited., OU = Mobile Interconnection Center, CN = VRV ec-ssl CA - G1
        Validity
            Not Before: Jan  3 11:25:51 2018 GMT
            Not After : Sep 29 11:25:51 2020 GMT
        Subject: C = CN, ST = Beijing, O = mjvrv, OU = mjvrv_linkdood, CN = mjvrv.linkdood.cn
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:04:9b:f1:9b:db:4b:ab:17:b5:22:d0:25:f5:b8:
                    e5:b2:1b:51:ce:39:d1:97:2e:9b:2a:99:84:51:ea:
                    59:68:04:29:a0:f1:eb:2d:9e:bb:69:4f:96:33:0b:
                    bd:02:c7:56:bf:d0:63:31:d6:27:5c:ed:ab:96:88:
                    42:58:fe:86:e1
                ASN1 OID: secp256k1
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            1.2.3.4.8.9.4.28:
                ..custom_value_OU_
            1.2.3.4.8.9.4.27:
                ..custom_value_O_
            X509v3 Subject Alternative Name:
                DNS:mjvrv.linkdood.cn, DNS:*.linkdood.cn
    Signature Algorithm: ecdsa-with-SHA384
         30:45:02:20:33:8a:e9:34:de:22:1b:df:58:46:61:84:c9:d5:
         13:3d:4e:84:18:af:73:29:93:b5:9e:d1:48:4b:ab:e3:48:23:
         02:21:00:e9:71:c7:d4:4f:c0:a7:6d:d2:1f:c3:0e:d2:49:0e:
         7c:4a:0f:ce:8c:0f:82:c6:90:4f:7e:3b:52:ce:e7:05:aa
```

Note that it is using secp256k1 for its curve. This is a binary curve. Support for these is still in OpenSSL 1.1.0 but they are no longer in the default set. If it is possible and appropriate for you I would consider using P-256 instead (aka secp256r1). Since it is no longer in the default set OpenSSL is failing to agree on a shared curve. If you can't change the cert then another way to get this to work is to add the argument `-curves "X25519:P-256:P-521:P-384:secp256k1"` onto your s_server command line.

@mattcaswell
Member

Note that if you use 1.1.0 s_client to connect to 1.1.0 s_server then you will also need to add the same argument onto the s_client command line.
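
A pre-flight check for the curve mismatch described in the two comments above, as an added example that is not part of the original thread or of OpenSSL: it reads the named curve from `openssl x509 -noout -text` output and tests it against a `-curves` style list. The function names are hypothetical, the sample text is cut from the certificate dump above, and the first list is a constructed one without secp256k1.

```shell
# Added example: flag an EC certificate whose curve is missing from a
# server's curve list (the "no shared cipher" case in this thread).

# Constructed sample: the relevant `openssl x509 -noout -text` lines.
SAMPLE_CERT_TEXT='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: secp256k1'

# Print the named curve found in x509 -text output on stdin.
cert_curve() {
    sed -n 's/^[[:space:]]*ASN1 OID:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Map the NIST and X9.62 aliases of a curve onto its SECG name.
canonical_curve() {
    case "$1" in
        P-256|prime256v1|secp256r1) echo secp256r1 ;;
        P-384|secp384r1)            echo secp384r1 ;;
        P-521|secp521r1)            echo secp521r1 ;;
        *)                          echo "$1" ;;
    esac
}

# Return 0 if curve $1 appears in the colon-separated list $2.
curve_in_list() {
    local want entry IFS=:
    want=$(canonical_curve "$1")
    for entry in $2; do
        if [ "$(canonical_curve "$entry")" = "$want" ]; then return 0; fi
    done
    return 1
}

# Check the certificate text on stdin against the curve list in $1.
check_cert() {
    local curve
    curve=$(cert_curve)
    [ -n "$curve" ] || { echo "no EC curve found"; return 2; }
    if curve_in_list "$curve" "$1"; then
        echo "ok: $curve is in $1"
    else
        echo "mismatch: $curve is not in $1"; return 1
    fi
}

# Hypothetical list without secp256k1, then the list from the comment above.
printf '%s\n' "$SAMPLE_CERT_TEXT" | check_cert "X25519:P-256:P-521:P-384" || true
printf '%s\n' "$SAMPLE_CERT_TEXT" | check_cert "X25519:P-256:P-521:P-384:secp256k1"
```

For a real certificate, pipe the output of `openssl x509 -in <cert> -noout -text` into `check_cert` together with the list the server is started with.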

@andylau004
Author

@mattcaswell lol, thank you very much.

I truly appreciate you!!! Using your recommendation indeed solved my problem.

There is also something else, but it's not important!
I searched for NID_secp256r1 in the openssl 1.0.2n and openssl 1.1.0f source packages.
I did not find NID_secp256r1, but it's not important. I use NID_secp384r1 and it is also OK.

The screenshot follows:
[screenshot: _20180123202605]

@mattcaswell
Member

Ah...the NID name is NID_X9_62_prime256v1!!

@andylau004
Author

@mattcaswell OKOK...
