ECDSA certificates - do not seem to be presented
- Feb 24, 2020
Hi Carol,
I suspect this is to do with your cipher group/string, though we haven't been using these key exchanges yet. The article you provided states to use 'ECDHE', but this will include all suites using RSA key exchange. For example:
# tmm --clientciphers 'ECDHE'
ID SUITE BITS PROT CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
3: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA
4: 49171 ECDHE-RSA-AES128-CBC-SHA 128 DTLS1 AES SHA ECDHE_RSA
5: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
6: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
7: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
8: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
9: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
10: 49172 ECDHE-RSA-AES256-CBC-SHA 256 DTLS1 AES SHA ECDHE_RSA
11: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
12: 52392 ECDHE-RSA-CHACHA20-POLY1305-SHA256 256 TLS1.2 CHACHA20-POLY1305 NULL ECDHE_RSA
13: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1 DES SHA ECDHE_RSA
14: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.1 DES SHA ECDHE_RSA
15: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.2 DES SHA ECDHE_RSA
You'll need to specify 'ECDHE_ECDSA' to only offer ECDSA key exchange cipher suites. Hopefully that'll do the job.
Kind regards
Ben
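A way to check which KEYX values a cipher string expands to, as an added example that is not part of the original reply: two shell functions that parse the `tmm --clientciphers` listing format shown above. `keyx_summary` and `offers_ecdsa` are hypothetical helper names, and the ECDHE_ECDSA sample line is constructed on the assumption that it follows the same column layout.

```shell
#!/bin/sh
# Added example, not from the original post.
# Intended use on the device (assumption): tmm --clientciphers 'ECDHE' | keyx_summary

# Three rows copied from the 'ECDHE' listing in the post, plus its header.
PAGE_SAMPLE='ID SUITE BITS PROT CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
12: 52392 ECDHE-RSA-CHACHA20-POLY1305-SHA256 256 TLS1.2 CHACHA20-POLY1305 NULL ECDHE_RSA'

# Constructed row (assumed format) for a suite that authenticates with ECDSA.
CONSTRUCTED_ECDSA='0: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_ECDSA'

# keyx_summary: read a cipher listing on stdin and print "<KEYX> <count>"
# for each distinct value in the last column. Only rows whose first field
# is an index such as "12:" are counted, so the header line is skipped.
keyx_summary() {
    awk '$1 ~ /^[0-9]+:$/ && NF >= 8 { n[$NF]++ }
         END { for (k in n) print k, n[k] }' | sort
}

# offers_ecdsa: exit 0 if at least one listed suite has a KEYX ending in
# _ECDSA, exit 1 otherwise. A virtual server holding only an ECDSA
# certificate needs this to succeed for the cipher string in use.
offers_ecdsa() {
    keyx_summary | grep -q '_ECDSA '
}

# Demonstration on the rows from the post: every suite is ECDHE_RSA.
printf '%s\n' "$PAGE_SAMPLE" | keyx_summary
if printf '%s\n' "$PAGE_SAMPLE" | offers_ecdsa; then
    echo "ECDSA suites offered"
else
    echo "no ECDSA suites in this listing"
fi
```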