I'm starting a server with:
openssl s_server -accept 8888 -cert server.de.crt -key server.de.key -state -cipher 'ECDHE-RSA-AES128-GCM-SHA256'
Then connecting from the same machine with s_client:
openssl s_client -connect localhost:8888 -state -cipher 'ECDHE-RSA-AES128-GCM-SHA256'
giving me:
3077933256:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:469:
But openssl ciphers tells me it's available, and the key should also work. When I use the same key on the same machine with Apache 2.4, my browser uses ECDHE-RSA-AES128-GCM-SHA256. So I tried with the Chrome browser to the s_server:
https://machineip:8888
And the server said:
CIPHER is ECDHE-RSA-AES128-GCM-SHA256
So the s_server and the key do support the cipher, but the s_client does not? Why?
Some more investigation shows that only ciphers using SHA-1 for the signature seem to work in the client...
PS: I came across this issue, because my node.js websocket server seems to be limited to SHA-1 ciphers as well.
You might add the -tls1_2 option. I seem to recall the AES/GCM ciphers are TLS 1.1 or TLS 1.2. If it's Ubuntu prior to 14, then forget it. Ubuntu disables TLS 1.2 in clients for interop reasons. See Ubuntu 12.04 LTS: OpenSSL downlevel version, does not support TLS 1.2. – jww Aug 13 at 12:42
jww was right!
It worked with the -tls1_2 option in the s_client, although I was using Ubuntu 12.04 LTS. Maybe that's why I had to explicitly give this option.
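The check behind the accepted explanation, as an added example (not code from the question or the answer): the second column of "openssl ciphers -v" is the lowest protocol version a suite can be carried in, and every AES-GCM and SHA-256/SHA-384 suite sits at TLSv1.2. A client whose ClientHello is capped at TLS 1.0 or 1.1 therefore has nothing left to offer once "-cipher" restricts the list to such a suite, which is the "no ciphers available" error from s23_clnt.c. The cipher list below is a constructed sample in that column format, not output captured from the poster's machine; the function and variable names are mine. The probe helper at the end wraps the s_client invocations from the question and is not run here because it needs a live server.

```shell
#!/bin/sh
# Constructed sample of "openssl ciphers -v" output (not from the poster's box).
# Columns: name, minimum protocol, Kx=, Au=, Enc=, Mac=. Older OpenSSL prints
# "SSLv3" for suites that also work in TLS 1.0/1.1; newer builds print "TLSv1".
SAMPLE_CIPHERS='ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1'

# cipher_min_proto NAME [LIST]
# Print the minimum protocol column for NAME. LIST defaults to the live
# "openssl ciphers -v ALL" output of the local library; pass text to stay offline.
cipher_min_proto() {
    _name=$1
    _list=${2:-$(openssl ciphers -v 'ALL' 2>/dev/null)}
    printf '%s\n' "$_list" | awk -v n="$_name" '$1 == n { print $2; exit }'
}

# ciphers_offered_by_pre_tls12_client LIST
# Names (space separated, one line) that a client capped at TLS 1.1 can still
# offer, i.e. everything whose minimum version is below TLSv1.2. On the sample
# only the SHA-1 suites survive, matching what the poster observed.
ciphers_offered_by_pre_tls12_client() {
    printf '%s\n' "$1" | awk '
        $2 != "TLSv1.2" && $2 != "TLSv1.3" { printf "%s%s", (c++ ? " " : ""), $1 }
        END { print "" }'
}

# probe_cipher HOST PORT CIPHER [EXTRA_FLAG]
# Run the s_client handshake from the question with one cipher and report the
# outcome line only. Call once without and once with "-tls1_2" to reproduce the
# difference the answer describes. Not invoked here: it needs a listening server.
probe_cipher() {
    echo | openssl s_client -connect "$1:$2" -cipher "$3" $4 2>&1 \
        | grep -E 'Cipher is|no ciphers available' | head -n 1
}

# Offline demonstration on the constructed list.
printf 'ECDHE-RSA-AES128-GCM-SHA256 needs: %s\n' \
    "$(cipher_min_proto ECDHE-RSA-AES128-GCM-SHA256 "$SAMPLE_CIPHERS")"
printf 'Usable by a TLS<=1.1 client: %s\n' \
    "$(ciphers_offered_by_pre_tls12_client "$SAMPLE_CIPHERS")"
```

To run the live comparison against the s_server from the question, call probe_cipher localhost 8888 ECDHE-RSA-AES128-GCM-SHA256 and then the same with -tls1_2 as the fourth argument; on a client that already negotiates TLS 1.2 by default both calls print the same "Cipher is" line, which is the quick way to tell whether the local build still has the downlevel behaviour.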