Displaying 5 results from an estimated 5 matches for "ssl_ctx_set1_group".
Did you mean:
ssl_ctx_set1_groups
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
...er -cert ec.cert.pem -key ec.key.pem -port 5555 -curves
> brainpoolP512r1 ]
> [ openssl s_client -connect localhost:5555 -curves brainpoolP512r1 ]
>
> I am not familiar really with the OpenSSL API and only roughly gather
> that the app (dovecot) would have to make the API call [
> SSL_CTX_set1_groups_list ]
> (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html)
> in order to support those curves.
>
>
Whoops.
We have a setting called `ssl_curve_list` in dovecot, and I tried using
that when I was testing. Turns out that there is a bug preventing that
setting from b...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
>>>> I did some local testing and it seems that you are using a curve
>>>> that is not acceptable for openssl as a server key.
>>>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem
>>>> -port 5555
>>>> using cert generated with brainpool. Everything works if I use
>>>> prime256v1 or secp521r1. This is a
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
...s this way:
[ openssl s_server -cert ec.cert.pem -key ec.key.pem -port 5555 -curves
brainpoolP512r1 ]
[ openssl s_client -connect localhost:5555 -curves brainpoolP512r1 ]
I am not familiar really with the OpenSSL API and only roughly gather
that the app (dovecot) would have to make the API call [
SSL_CTX_set1_groups_list ]
(https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html)
in order to support those curves.
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
...y ec.key.pem -port 5555 -curves
>> brainpoolP512r1 ]
>> [ openssl s_client -connect localhost:5555 -curves brainpoolP512r1 ]
>>
>> I am not familiar really with the OpenSSL API and only roughly gather
>> that the app (dovecot) would have to make the API call [
>> SSL_CTX_set1_groups_list ]
>> (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html)
>> in order to support those curves.
>>
>>
> Whoops.
>
> We have a setting called `ssl_curve_list` in dovecot, and I tried using
> that when I was testing. Turns out that there is a...
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
...-curves
>>> brainpoolP512r1 ]
>>> [ openssl s_client -connect localhost:5555 -curves brainpoolP512r1 ]
>>>
>>> I am not familiar really with the OpenSSL API and only roughly gather
>>> that the app (dovecot) would have to make the API call [
>>> SSL_CTX_set1_groups_list ]
>>> (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html)
>>> in order to support those curves.
>>>
>>>
>> Whoops.
>>
>> We have a setting called `ssl_curve_list` in dovecot, and I tried using
>> that when I was te...