Displaying 20 results from an estimated 37 matches for "x25519".
Did you mean:
25519
2019 Feb 17
3
[PATCH] use ecdh/X25519 from openssl when possible (openssl-1.1.0+)
...problems;
I hacked a bit regress/unittests/kex, and benchmarked
do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256);
Before:
0.3295s per call
After:
0.2183s per call
That is, 50% speedup; assuming ed25519 (added to openssl in 1.1.1) takes about same time as ecdh/x25519,
there are potential for total 200% speedup in KEX.
(2) rebased patch against git master; passes regression test;
I relied on presence of NID_X25519 for autodetection; probably it makes sense to check if is
actually working it autoconf; then again, maybe not (it won't work when cross-compilin...
2018 Sep 13
2
X448 Key Exchange
Hi all,
I'm interested in having X448 protocol available as an option, as it
gives a larger security margin over X25519. For anyone unfamiliar, it
is an Diffie-Hellman elliptic curve key exchange using Curve448 (defined
in RFC7748: https://tools.ietf.org/html/rfc7748). Furthermore, it is
included in the new TLS 1.3 specification (RFC8846:
https://tools.ietf.org/html/rfc8446).
A few questions:
1. Wh...
2018 Sep 14
4
X448 Key Exchange
On 09/13/2018 08:18 PM, Damien Miller wrote:
> We have any plans to add more crypto options to OpenSSH without a strong
> justification, and I don't see one for X448-SHA512 ATM.
What I like about it is that it offers ~224 bit security level, whereas
X25519 offers ~128 bits (according to RFC7748). Hence, pairing X448
with AES256 would provide a full chain of security in the ~224 bit
level, no?
It also provides an alternative to the NIST P-curves (like P-521), which
some people suspect are back-doored by the NSA. P-521 in ECDSA has been
supporte...
2018 Dec 19
1
How to configure Dovecot to disable NIST's curves and still rertain EECDH?
...EECDH disabled.
I have EDH now, and I've not yet run into a client that doesn't support
it. I want EECDH, but I won't use it without safe curves. I'm
confident that EECDH with safe curves and a second choice of EDH will
support any clients that are worth using. OpenSSL supports X25519, and
that is half the battle.
Is there a way to change the curve selection in Dovecot?
On 2018-12-19 01:49, Tributh via dovecot wrote:
> Do you really plan to do this?
> RFC 8446 section 9.1:
> A TLS-compliant application MUST support key exchange with secp256r1
> (NIST P-256) and S...
2019 Jul 18
1
Dovecot 2.3.0 TLS
...SSL: 1.1.1c
Dovecot configuration file:
ssl_min_protocol = TLSv1.2 (I tried different version)
When I tried to connect with command line: openssl s_client -showcerts -connect server:993
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2322 bytes and written 392 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiate...
2018 Dec 19
1
How to configure Dovecot to disable NIST's curves and still rertain EECDH?
...TLSv1.2 Kx=RSA Au=RSA
Enc=AESGCM(128) Mac=AEAD
0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA
Enc=AES(128) Mac=SHA256
Is there a better way to do this? Is there a way to disable only the
suspect NIST curves and still retain EECDH but with side-channel safe
curves like X25519?
Thanks,
Kurt Fitzner
Links:
------
[1] https://blog.cr.yp.to/20140323-ecdsa.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181218/59c56547/attachment.html>
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...during the openssl test [ s_server | s_client ] then revealed
(TLSv1.2 Record Layer: Handshake Protocol: Client Hello) :
Extension: supported_groups (len=10)
??? Type: supported_groups (10)
??? Length: 10
??? Supported Groups List Length: 8
??? Supported Groups (4 groups)
??????? Supported Group: x25519 (0x001d)
??????? Supported Group: secp256r1 (0x0017)
??????? Supported Group: secp521r1 (0x0019)
??????? Supported Group: secp384r1 (0x0018)
Apparently [ brainpool ] would apparently not fit into any of those
groups. Perhaps a bug in OpenSSL 1.1.0h thus.
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
...(TLSv1.2 Record Layer: Handshake Protocol: Client Hello) :
>>
>> Extension: supported_groups (len=10)
>> ??? Type: supported_groups (10)
>> ??? Length: 10
>> ??? Supported Groups List Length: 8
>> ??? Supported Groups (4 groups)
>> ??????? Supported Group: x25519 (0x001d)
>> ??????? Supported Group: secp256r1 (0x0017)
>> ??????? Supported Group: secp521r1 (0x0019)
>> ??????? Supported Group: secp384r1 (0x0018)
>>
>> Apparently [ brainpool ] would apparently not fit into any of those
>> groups. Perhaps a bug in OpenSSL 1.1...
2017 Jan 13
0
TLS feature missing
...hat i was able to support
mulitiple TLS curves.
Now i upgraded to 2.2.27 with opnessl1.1.0 and was falling back to
historical stages where my server only servers one TLS-curve: secp384r1
right now.
One big reason to compile the new ersion with openssl1.1.0
was to bring CHACHA20-POLY1305 ciphers and X25519 curves to modern clients.
The ciphers i am estimating are working fine, but X25519 and also
secp521r1 ist now longer supported, like it was in dovecot 2.2.25.
Is there something broken?
Or a new (know missing) config feature?
Or is it a bug ?
Regards Torsten
2017 Dec 25
0
ssl_curve_list seems to be ignored with Dovecot 2.3
Hi all,
after upgrading to Dovecot 2.3, I've noticed the new "ssl_curve_list"
TLS option in 10-ssl.conf.
Setting it to "ssl_curve_list = X25519:P-256" or leaving it blank (auto)
does not change anything, Dovecot keeps on negotiating P-384: Server
Temp Key: ECDH, P-384, 384 bits
When using "-curves X25519" in s_client, it does a fallback to DH:
Server Temp Key: DH, 4096 bits
I'm on Dovecot 2.3.0 (c8b89eb) with OpenSSL 1...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...gt; -----END CERTIFICATE-----
>> subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
>> issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
>> ---
>> No client certificate CA names sent
>> Peer signing digest: SHA512
>> Server Temp Key: X25519, 253 bits
>> ---
>> SSL handshake has read 2361 bytes and written 295 bytes
>> Verification error: unable to verify the first certificate
>> ---
>> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>> Server public key is 4096 bit
>> Secure Renegotiation...
2020 Aug 04
2
Problem with intermediate certificate (tls cafile)
...+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms:
RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3041 bytes and written 393 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiate...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...ver certificate
-----BEGIN CERTIFICATE-----
[ truncated ]
-----END CERTIFICATE-----
subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2361 bytes and written 295 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiat...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...-----
>>> subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
>>> issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
>>> ---
>>> No client certificate CA names sent
>>> Peer signing digest: SHA512
>>> Server Temp Key: X25519, 253 bits
>>> ---
>>> SSL handshake has read 2361 bytes and written 295 bytes
>>> Verification error: unable to verify the first certificate
>>> ---
>>> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>>> Server public key is 4096 bit
>&g...
2020 Aug 06
0
Problem with intermediate certificate (tls cafile)
...red Requested Signature Algorithms:
> RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512
> Peer signing digest: SHA256
> Peer signature type: RSA-PSS
> Server Temp Key: X25519, 253 bits
> ---
> SSL handshake has read 3041 bytes and written 393 bytes
> Verification error: unable to verify the first certificate
> ---
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression...
2019 Oct 11
2
Panic: file smtp-client-connection.c: line 1212 (smtp_client_connection_established): assertion failed: (!conn->connect_succeeded)
...st = TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-
CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:TLS-AES-256-GCM-
SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:TLS-
AES-128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256ssl_client_ca_file =
/etc/ssl/certs/ca-certificates.crtssl_curve_list =
X25519:secp521r1:secp384r1ssl_key = # hidden, use -P to show
itssl_min_protocol = TLSv1.2ssl_options =
no_ticketssl_prefer_server_ciphers = yessubmission_client_workarounds =
whitespace-before-pathsubmission_max_mail_size = 50000
ksubmission_relay_host = mta2.example.comsubmission_relay_ssl =
starttlssubm...
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
..._client ] then revealed
> (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) :
>
> Extension: supported_groups (len=10)
> ??? Type: supported_groups (10)
> ??? Length: 10
> ??? Supported Groups List Length: 8
> ??? Supported Groups (4 groups)
> ??????? Supported Group: x25519 (0x001d)
> ??????? Supported Group: secp256r1 (0x0017)
> ??????? Supported Group: secp521r1 (0x0019)
> ??????? Supported Group: secp384r1 (0x0018)
>
> Apparently [ brainpool ] would apparently not fit into any of those
> groups. Perhaps a bug in OpenSSL 1.1.0h thus.
>
>
Tur...
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
...shake Protocol: Client Hello) :
>>>
>>> Extension: supported_groups (len=10)
>>> ??? Type: supported_groups (10)
>>> ??? Length: 10
>>> ??? Supported Groups List Length: 8
>>> ??? Supported Groups (4 groups)
>>> ??????? Supported Group: x25519 (0x001d)
>>> ??????? Supported Group: secp256r1 (0x0017)
>>> ??????? Supported Group: secp521r1 (0x0019)
>>> ??????? Supported Group: secp384r1 (0x0018)
>>>
>>> Apparently [ brainpool ] would apparently not fit into any of those
>>> groups. Perh...
2019 May 31
0
Problem SSL entrust certificate
...000004)
depth=0 ...
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 ...
verify error:num=21:unable to verify the first certificate
verify return:1
...
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2311 bytes and written 404 bytes
Verification error: unable to verify the first certificate
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190530/3ac17bd6/attachment.html>...
2020 Jul 05
2
dovecot oauth
> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>
>
> > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote:
> >
> >
> > Hello,
> >
> > I'm trying to configure roundcube / dovecot to work with keycloak.
> > I activated xoauth2 oauthbearer in dovecot.
> > But a problem