0
When i use Openssl to connect to facebook.com I see 'ECDHE-ECDSA-AES128-GCM-SHA256' ciphersuite used.
openssl s_client -connect www.facebook.com:443
SSL handshake has read 3280 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: 527DB47524E5CC01C398927C91F750E3AAF6BC94C87EFF97C37834B53F0C0BA9
Session-ID-ctx:
Master-Key: 044197ACB0895E7F6673C42BB6ADBD82EC9F63941F7AC063BE346B7B5CA33BFF1C49D91A254C008F66A95F46E947B303
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 172800 (seconds)
But when I use 'cipher' parameter of Openssl to use the same previous ciphersuite the SSL handshake fails. Why??
openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect www.facebook.com:443
CONNECTED(00000003)
140375704602440:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 119 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Redhat
Posted 2019-08-26T09:16:57.050
Reputation: 1
I don't think this is on-topic on Cryptography, try Stack Overflow. Be prepared to provide the Wireshark capture of the Client Hello in both cases. – None – 2019-08-26T16:36:43.290