[gnutls-help] new EC cert: Received alert [51]: Decrypt error

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Apr 10 12:08:05 CEST 2014


On Thu, Apr 10, 2014 at 1:45 AM, Mark Oteiza <mvoteiza at udel.edu> wrote:
>
> Hi,
> I generated a new EC client certificate to use with IRC.  I can use it with
> s_client, but gnutls-cli fails

I don't believe it works with s_client. Possible s_client doesn't send
your key. See below.

> $ openssl ecparam -name secp521r1 -genkey -out key

Here you generate a key and place it in key.

> $ openssl req -nodes -newkey ec:key -x509 -days 730 -out cert

Here you generate another key, and a certificate for that key in cert.

I wouldn't expect any program to work with that combination. GnuTLS
should have warned about the key mismatch though.

regards,
Nikos



More information about the Gnutls-help mailing list