Author abacabadabacaba
Recipients abacabadabacaba
Date 2016-02-01.01:50:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I tried to use ssl module to create a server with a certificate that uses an ECC key. However, this didn't work. Here is how to reproduce this:

First, generate a key and a certificate:

    $ openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -x509 -keyout key.pem -out cert.pem
    (type some passphrase, then just press Enter in response to the questions that it asks)

Then run this Python program:

    from socket import socket
    from ssl import wrap_socket
    s = socket()
    s.bind(('localhost', 12345))
    wrap_socket(s.accept()[0], 'key.pem', 'cert.pem', True)

This program will wait for a connection, so try to connect:

    $ openssl s_client -connect localhost:12345

The program will ask for a passphrase, so type it. After that, you will get an exception:

    Traceback (most recent call last):
      File "", line 6, in <module>
        wrap_socket(s.accept()[0], 'key.pem', 'cert.pem', True)
      File "/usr/lib/python3.5/", line 1064, in wrap_socket
      File "/usr/lib/python3.5/", line 747, in __init__
      File "/usr/lib/python3.5/", line 983, in do_handshake
      File "/usr/lib/python3.5/", line 628, in do_handshake
    ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:645)

If the certificate uses RSA key, it works. With ECC, I had no luck. I tried creating a context explicitly and using set_ciphers method to enable more ciphers. While it appears to support ECDSA ciphersuites, it can't use them for some reason.
Date User Action Args
2016-02-01 01:50:17abacabadabacabasetrecipients: + abacabadabacaba
2016-02-01 01:50:17abacabadabacabasetmessageid: <>
2016-02-01 01:50:17abacabadabacabalinkissue26254 messages
2016-02-01 01:50:14abacabadabacabacreate