search for: genpkey

...It does - Thunderbird 60.0b10 (64-bit) [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] It seems there is a difference between the private key (rsa vs. ecc -> SSL_CTX?) used for the certificate signing request and the signed certificate. The csr created from a private key with [ openssl genpkey -algorithm RSA ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. But as stated in the initial message it does not work if the private key for the csr is generated with [ openssl ecparam -name brainpoolP512t1 -genkey ].

...when the private key is generated with [ openssl ecparam -name brainpoolP512t1 -genkey ] with OpenSSL 1.1.0hh on the same machine Dovecot is running on. Tried some variations of [ ssl_cipher_list ] but to no avail - the [ no shared cipher ] error persists. Once the key is generated with [ openssl genpkey -algorithm RSA ] however the error is gone. Thus wondering whether (1) I am missing something or (2) this a bug or (3) there is no support for EC keys?

...ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] >> >> It seems there is a difference between the private key (rsa vs. ecc -> >> SSL_CTX?) used for the certificate signing request and the signed >> certificate. >> >> The csr created from a private key with [ openssl genpkey -algorithm RSA >> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. >> >> But as stated in the initial message it does not work if the private key >> for the csr is generated with [ openssl ecparam -name brainpoolP512t1 >> -genkey ]. >> >> >...

...t) > > [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] > > It seems there is a difference between the private key (rsa vs. ecc -> > SSL_CTX?) used for the certificate signing request and the signed > certificate. > > The csr created from a private key with [ openssl genpkey -algorithm RSA > ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. > > But as stated in the initial message it does not work if the private key > for the csr is generated with [ openssl ecparam -name brainpoolP512t1 > -genkey ]. > > Hi! Can you show doveconf ssl...

...> > [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] > > It seems there is a difference between the private key (rsa vs. ecc -> > SSL_CTX?) used for the certificate signing request and the signed > certificate. > > The csr created from a private key with [ openssl genpkey -algorithm RSA > ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. > > But as stated in the initial message it does not work if the private key > for the csr is generated with [ openssl ecparam -name brainpoolP512t1 > -genkey ]. > > Can you try, with your ECC ce...

...gt;>> >>>> It seems there is a difference between the private key (rsa vs. ecc -> >>>> SSL_CTX?) used for the certificate signing request and the signed >>>> certificate. >>>> >>>> The csr created from a private key with [ openssl genpkey -algorithm RSA >>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. >>>> >>>> But as stated in the initial message it does not work if the private key >>>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1 >>&g...

...root at officelink01:~# openssl help Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req rsa rsautl s_client...

...ha384;true ] > >> > >> It seems there is a difference between the private key (rsa vs. ecc -> > >> SSL_CTX?) used for the certificate signing request and the signed > >> certificate. > >> > >> The csr created from a private key with [ openssl genpkey -algorithm RSA > >> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. > >> > >> But as stated in the initial message it does not work if the private key > >> for the csr is generated with [ openssl ecparam -name brainpoolP512t1 > >> -genkey...

...Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: marcoshalano at gmail.com I generate a ED25519 key using OpenSSL: openssl genpkey -algorithm ED25519 -out key_ed25519.pem After that I extracted the public key: openssl pkey -in key_ed25519.pem -pubout -out public_ed25519.pem And then I try to get the SSH public key to put on authorized_keys: ssh-keygen -i -m PKCS8 -f public_ed25519.pem The error was: do_convert_from_pkcs8: unsu...

...>>> It seems there is a difference between the private key (rsa vs. ecc -> >>>>> SSL_CTX?) used for the certificate signing request and the signed >>>>> certificate. >>>>> >>>>> The csr created from a private key with [ openssl genpkey -algorithm RSA >>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. >>>>> >>>>> But as stated in the initial message it does not work if the private key >>>>> for the csr is generated with [ openssl ecparam -name brainpoolP...

...ssl help > Standard commands > asn1parse         ca                ciphers           cms > crl               crl2pkcs7         dgst              dhparam > dsa               dsaparam          ec                ecparam > enc               engine            errstr            gendsa > genpkey           genrsa            help              list > nseq              ocsp              passwd            pkcs12 > pkcs7             pkcs8             pkey              pkeyparam > pkeyutl           prime             rand              rehash > req               rsa               rsautl...

...s there is a difference between the private key (rsa vs. ecc -> > >>>>> SSL_CTX?) used for the certificate signing request and the signed > >>>>> certificate. > >>>>> > >>>>> The csr created from a private key with [ openssl genpkey -algorithm RSA > >>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. > >>>>> > >>>>> But as stated in the initial message it does not work if the private key > >>>>> for the csr is generated with [ openssl ecpa...