I'm building a prototype of an IOT device communicating through openssl with an online server. The software uses ECDSA certificate signed with my own subca.
The problem seems there isn't a cipher availlable for that certificate. To test the whole things i used openssl s_server on server side and nmap ssl-enum-ciphers script on client side. nmap returns a void list of ciphers.
The command given for the server is:
openssl s_server -accept 4433 -cert server1.crt -certform PEM -key server1.key
this is the certificate i use on server side.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 256 (0x100)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=IT, O=wwwtech, CN=wwwtech Server CA
Validity
Not Before: Jul 17 12:11:31 2017 GMT
Not After : Jul 17 12:11:31 2019 GMT
Subject: C=IT, O=wwwtech, CN=server1
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (160 bit)
pub:
04:1c:e3:02:ec:bc:0f:88:7a:58:0b:36:b6:55:2c:
e5:f1:67:5f:a0:7a:c3:c9:4b:7c:45:02:42:61:20:
0c:4d:30:22:f6:c7:09:b5:ef:e1:8e
ASN1 OID: brainpoolP160r1
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Key Encipherment
Netscape Cert Type:
SSL Server
Netscape Comment:
AreaWFI Server Certificate
X509v3 Subject Key Identifier:
8D:92:1A:9F:6A:AB:D2:E5:6B:72:CB:25:A9:15:27:38:08:CE:DE:A9
X509v3 Authority Key Identifier:
keyid:E7:2F:0E:A7:39:B4:85:46:FE:2A:EA:9F:0A:FE:54:F4:B9:A5:B6:AC
X509v3 Subject Alternative Name:
IP Address:127.0.0.1
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:32:f1:d1:90:08:f1:dc:a5:9d:30:d3:db:4b:05:
6c:d2:41:cc:ac:6f:01:f8:90:0d:a5:25:27:4d:f9:38:62:14:
02:20:19:37:c4:7c:07:e9:07:2d:c8:6e:1f:a4:db:4e:44:48:
68:4a:e9:9d:03:68:b3:b0:c6:31:60:92:ed:54:5c:22
Your certificate is using the brainpoolP160r1 curve. This curve is supported by libcrypto but not by libssl. Probably because this is insufficiently secure (it only offers the equivalent of 80 bits of security). Probably if you tried a different (more secure) curve you will get better results.
You don't say what version of OpenSSL you are using. Note that in OpenSSL 1.1.0 the "default" curves supported by OpenSSL are X25519, P-256, P-384 and P-512. If you want to use other curves you will probably have to explicitly state them using the "-curves" parameter to s_server. The only brainpool curves that libssl supports in OpenSSL 1.1.0 are brainpoolP256r1, brainpoolP384r1 and brainpoolP512r1.
Edit:
I also note that you have an X509v3 Key Usage of "Key Encipherment" which doesn't make any sense for an ECDSA cert (ECDSA can't "encipher" anything; its a digital signature algorithm). Change the key usage to "Digital Signature" (or drop it altogether).