2.3.2.1 - EC keys support?

ѽ҉ᶬḳ℠ vtol at gmx.net
Mon Jul 30 21:23:11 EEST 2018


>> I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key.
>>
>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555
>>
>> using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about.
>>
>> Aki Tuomi
>> Open-Xchange Oy
> Which openssl version are you using? On this end it is OpenSSL 1.1.0h.
> There are no issues creating private keys, issuing csr, signing certs
> with that particular curve. Printing certs and verifying certs against
> keys is panning out too, comparing md5 hashes also no errors. So why
> would openssl not accept (limit) keys it has generated and verified with
> no error?
>
>

Ran both certificate types with [ openssl s_server -cert ec.cert.pem
-key ec.key.pem -port 5555 ] and [ openssl s_server -cert rsa.cert.pem
-key rsa.key.pem -port 5555 ] and both with the output:

Using default temp DH parameters
ACCEPT

Which would indicate this not being caused by openssl.



