Displaying 12 results from an estimated 12 matches for "brainpoolp512t1".
Did you mean:
brainpoolp512r1
2018 Jul 29
4
2.3.2.1 - EC keys suppport?
...equest and the signed
certificate.
The csr created from a private key with [ openssl genpkey -algorithm RSA
] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
But as stated in the initial message it does not work if the private key
for the csr is generated with [ openssl ecparam -name brainpoolP512t1
-genkey ].
2018 Jul 29
2
2.3.2.1 - EC keys suppport?
Hi,
facing [ no shared cipher ] error with EC private keys. This happens
when the private key is generated with [ openssl ecparam -name
brainpoolP512t1 -genkey ] with OpenSSL 1.1.0hh on the same machine
Dovecot is running on.
Tried some variations of [ ssl_cipher_list ] but to no avail - the [ no
shared cipher ] error persists.
Once the key is generated with [ openssl genpkey -algorithm RSA ]
however the error is gone.
Thus wondering whether (1...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...The csr created from a private key with [ openssl genpkey -algorithm RSA
>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>>
>> But as stated in the initial message it does not work if the private key
>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
>> -genkey ].
>>
>>
> Can you try, with your ECC cert,
>
> openssl s_client -connect server:143 -starttls imap
>
> and paste result?
>
This is for the certificate where the csr is generated with an EC
private key and the [ no shared cipher ] error:
CONNECTED(00...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...icate.
>
> The csr created from a private key with [ openssl genpkey -algorithm RSA
> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>
> But as stated in the initial message it does not work if the private key
> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
> -genkey ].
>
>
Hi!
Can you show doveconf ssl_cipher_list?
Aki
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...ate.
>
> The csr created from a private key with [ openssl genpkey -algorithm RSA
> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>
> But as stated in the initial message it does not work if the private key
> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
> -genkey ].
>
>
Can you try, with your ECC cert,
openssl s_client -connect server:143 -starttls imap
and paste result?
Aki
2014 Apr 07
1
Source code patch (for 6.6p1) adding support for Brainpool Elliptic Curves
...cts brainpoolP512r1 (canonically). Furthermore, you can
specify the nick name of an Elliptic Curve using the -b switch of ssh-keygen.
Supported nick names are:
nistp256, nistp384, nistp521
and the Brainpool ones:
brainpoolP256r1, brainpoolP256t1
brainpoolP384r1, brainpoolP384t1
brainpoolP512r1, brainpoolP512t1
Would be nice if someone could review (maybe modify if desired?) the patch and
if it is eligible, then adding the stuff would make me (and hopefully others)
happy.
Btw, ECDSA host key not touched, i.e. derived from bit size (i.e. always a
NIST-thing).
Thx.
[Gero at likemag]
?
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...key with [ openssl genpkey -algorithm RSA
>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>>>>
>>>> But as stated in the initial message it does not work if the private key
>>>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
>>>> -genkey ].
>>>>
>>>>
>>> Can you try, with your ECC cert,
>>>
>>> openssl s_client -connect server:143 -starttls imap
>>>
>>> and paste result?
>>>
>> This is for the certificate where the csr is ge...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...m a private key with [ openssl genpkey -algorithm RSA
> >> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
> >>
> >> But as stated in the initial message it does not work if the private key
> >> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
> >> -genkey ].
> >>
> >>
> > Can you try, with your ECC cert,
> >
> > openssl s_client -connect server:143 -starttls imap
> >
> > and paste result?
> >
>
> This is for the certificate where the csr is generated with an EC
> p...
2018 Jul 30
3
2.3.2.1 - EC keys suppport?
...m RSA
> >>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
> >>>>>
> >>>>> But as stated in the initial message it does not work if the private key
> >>>>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
> >>>>> -genkey ].
> >>>>>
> >>>>>
> >>>> Can you try, with your ECC cert,
> >>>>
> >>>> openssl s_client -connect server:143 -starttls imap
> >>>>
> >>>> and paste resul...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...poolP320r1: RFC 5639 curve over a 320 bit prime field
? brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
? brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
? brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
? brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
? brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...sl genpkey -algorithm RSA
>>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>>>>>
>>>>> But as stated in the initial message it does not work if the private key
>>>>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
>>>>> -genkey ].
>>>>>
>>>>>
>>>> Can you try, with your ECC cert,
>>>>
>>>> openssl s_client -connect server:143 -starttls imap
>>>>
>>>> and paste result?
>>>>
>>> This is...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...v>
brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
</div>
<div>
brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
</div>
<div>
brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
</div>
<div>
brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
</div>
</blockquote>
<div>
<br>
</div>
<div>
try
</div>
<div>
<br>
</div>
<div>
openssl s_server -cert /path/to/cert -key /path/to/key -port 5555
</div>...