2.3.2.1 - EC keys support?

ѽ҉ᶬḳ℠ vtol at gmx.net
Mon Jul 30 21:34:27 EEST 2018


>>
>>> I did some local testing and it seems that you are using a curve
>>> that is not acceptable for openssl as a server key.
>>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem
>>> -port 5555
>>> using cert generated with brainpool. Everything works if I use
>>> prime256v1 or secp521r1. This is a limitation in OpenSSL and not
>>> something we can really do anything about.
>>> Aki Tuomi
>>> Open-Xchange Oy
>> Which openssl version are you using? At this end it is OpenSSL 1.1.0h.
>> There are no issues creating private keys, issuing csr, signing certs
>> with that particular curve. Printing certs and verifying certs against
>> keys is panning out too, comparing md5 hashes also no errors. So why
>> would openssl not accept (limit) keys it has generated and verified with
>> no error?
>>
>>
> try
>
> openssl s_server -cert /path/to/cert -key /path/to/key -port 5555
>
> openssl s_client -connect localhost:5555
>

Uhum, I see now. What a strange thing (bug?) openssl is doing. Thank you
for your valuable time/effort debugging this. Seems I have to start the CA
all over...
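
Added example, not part of the original thread: a shell function that repeats the s_server/s_client test above on a throwaway self-signed certificate, so a curve can be checked against a real handshake before a CA is built on it. The name check_curve, its return codes, the optional port argument and the curve names in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Return codes (assumed convention):
#   0 = TLS handshake completed with a certificate on this curve
#   1 = key and certificate were created, but no handshake completed
#   2 = key or certificate could not be created (e.g. unknown curve name)
check_curve() {
    curve=$1
    port=${2:-5555}    # 5555 is the port used in the thread
    dir=$(mktemp -d) || return 2
    # Throwaway self-signed certificate on the curve under test.
    if ! openssl ecparam -name "$curve" -genkey -noout \
            -out "$dir/key.pem" 2>/dev/null ||
       ! openssl req -new -x509 -key "$dir/key.pem" -subj "/CN=localhost" \
            -days 1 -out "$dir/cert.pem" 2>/dev/null; then
        rm -rf "$dir"
        return 2
    fi
    # -www stops s_server from reading stdin, so it can run in the background.
    openssl s_server -cert "$dir/cert.pem" -key "$dir/key.pem" \
        -port "$port" -www >/dev/null 2>&1 &
    srv=$!
    rc=1
    tries=0
    while [ "$rc" -ne 0 ] && [ "$tries" -lt 3 ]; do
        sleep 1    # give the server time to start listening
        tries=$((tries + 1))
        # s_client prints the peer certificate only after a completed handshake.
        if openssl s_client -connect "localhost:$port" </dev/null 2>/dev/null |
                grep -q 'BEGIN CERTIFICATE'; then
            rc=0
        fi
    done
    kill "$srv" 2>/dev/null
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    return "$rc"
}

# Usage (curve names are examples):
#   sh check_curve.sh prime256v1 secp521r1 brainpoolP256r1
if [ "$#" -gt 0 ]; then
    for c in "$@"; do
        if check_curve "$c"; then echo "$c: handshake ok"
        else echo "$c: no handshake, or key/cert generation failed"; fi
    done
fi
```

A return code of 1 is the situation described in this thread: keys, CSRs and certificates on the curve are created and verify without error, yet the server cannot complete a handshake with them.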



