Displaying 13 results from an estimated 13 matches for "brainpool".

2014 Apr 07
1
Source code patch (for 6.6p1) adding support for Brainpool Elliptic Curves
Dear all, maybe it is a little early but the next (stable) version of OpenSSL will support Brainpool Elliptic curves (current beta 1.0.2-beta1 contains support for Brainpool already). Brainpool curves are defined in RFC 5639. Please find attached a patch file that adds support for Brainpool Elliptic Curves in OpenSSH. Currently, setting the bit size to 256, 384 or 521 selects one of the matching...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...>>> I did some local testing and it seems that you are using a curve >>>> that is not acceptable for openssl as a server key. >>>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem >>>> -port 5555 >>>> using cert generated with brainpool. Everything works if I use >>>> prime256v1 or secp521r1. This is a limitation in OpenSSL and not >>>> something we can really do anything about. >>>> Aki Tuomi >>>> Open-Xchange Oy >>> Which openssl version you are using? This end it is OpenS...
2013 Sep 14
4
Elliptic curves in tinc
...bits, and as far as I know, only ECDH operations are well-defined on this curve, but ECDSA is not. Note that tinc requires at least 512 bit curves in order to allow 256 bit strength for the symmetric encryption. There are also other groups which have found and defined elliptic curves, such as ECC Brainpool, which has defined a 512 bit curve. I have not tried out this curve myself, and I don't know how well their curves have been scrutinized by the cryptographic community. Another option would be to try to generate our own curve. However, I have no idea what pitfalls there are when doing that. I...
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
On 31.07.2018 03:32, ????? wrote: >> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >> >> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >> >> And thus t1 would not work anyway. However, having tested r1 the result >> was just the same. >> >> A tcpdump during the openssl test [ s_server | s_client ] then revealed >> (TLSv1.2 Record Layer: Handshake Proto...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 > using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. > Aki Tuomi > Open-Xchang...
2018 Jul 30
3
2.3.2.1 - EC keys suppport?
...m RSA > >>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. > >>>>> > >>>>> But as stated in the initial message it does not work if the private key > >>>>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1 > >>>>> -genkey ]. > >>>>> > >>>>> > >>>> Can you try, with your ECC cert, > >>>> > >>>> openssl s_client -connect server:143 -starttls imap > >>>> > >>>> and paste...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
>> >>> I did some local testing and it seems that you are using a curve >>> that is not acceptable for openssl as a server key. >>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem >>> -port 5555 >>> using cert generated with brainpool. Everything works if I use >>> prime256v1 or secp521r1. This is a limitation in OpenSSL and not >>> something we can really do anything about. >>> Aki Tuomi >>> Open-Xchange Oy >> Which openssl version you are using? This end it is OpenSSL 1.1.0h. >>...
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: > > [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] > > And thus t1 would not work anyway. However, having tested r1 the result > was just the same. > > A tcpdump during the openssl test [ s_server | s_client ] then revealed > (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) : >...
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
> >>> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >>> >>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >>> >>> And thus t1 would not work anyway. However, having tested r1 the result >>> was just the same. >>> >>> A tcpdump during the openssl test [ s_server | s_client ] then revealed >>> (TLSv1.2 Recor...
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
On 31.07.2018 09:30, ????? wrote: >>>> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >>>> >>>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >>>> >>>> And thus t1 would not work anyway. However, having tested r1 the result >>>> was just the same. >>>> >>>> A tcpdump during the openssl test [ s_server | s_client ] then revealed >>...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
> I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key. > > I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 > > using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. > > Aki Tuomi > Open-Xchange Oy Which openssl version you are using? This end it is OpenSSL 1.1.0h. There are no issues creating private keys, issuing csr...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...key with [ openssl genpkey -algorithm RSA >>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. >>>> >>>> But as stated in the initial message it does not work if the private key >>>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1 >>>> -genkey ]. >>>> >>>> >>> Can you try, with your ECC cert, >>> >>> openssl s_client -connect server:143 -starttls imap >>> >>> and paste result? >>> >> This is for the certificate where the csr...