On 07/11/2011 05:27 AM, y...@inbox.lv wrote:
>  When I searched on it, it seemed that ECDH requires specified named
>  curve

You need to specify the curve's name, like this:

        openssl ecparam -name sect571k1

but this should only be done in the parameters generation stage, the
generated certificates should contain this information by themselves, so
I don't think specifying it to OpenVPN should be needed.

> Also, it seems that ECDSA works only with SHA-1

This has been marked as a bug and it was fixed in the most recent
versions of OpenSSL. I've met this issue with OpenSSL 0.9.8x (I don't
remember the "x"), this version is indeed the default one for both
Debian Squeeze and Ubuntu Natty, so this is quite annoying (I like
Debian a lot, but its repos are often too much outdated). As I've
written before, I've manually compiled OpenSSL v1.0.0 and I can read the
following for my certificate, as expected:

        openssl x509 -text -in cacert.pem
        ...
        Signature Algorithm: ecdsa-with-SHA512


>  I searched about it a few weeks
>  ago and relevant messages were a few months old.

Same problem here :( it seems that if someone managed to solve the
problem, he/she didn't bother to write back the solution.

Thanks anyway for the reply, still waiting for further help, I can't
believe nobody managed to solve this issue :(

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
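
A way to check both points from the message above (the certificate carries its curve name, and the ECDSA signature records the digest), as an added example that is not part of the original e-mail. The function names, file names and the CN are hypothetical; the `openssl` commands are the standard CLI.

```bash
#!/usr/bin/env bash
# Added example. Function names, file names and the CN are hypothetical.

# make_ec_cert CURVE DIGEST DIR
# The curve is named once, when the key is generated; the self-signed
# certificate is then signed with ECDSA over the chosen digest.
make_ec_cert() {
    local curve=$1 digest=$2 dir=$3
    openssl ecparam -name "$curve" -genkey -noout \
        -out "$dir/key.pem" 2>/dev/null || return 1
    openssl req -new -x509 -key "$dir/key.pem" "-$digest" -days 1 \
        -subj "/CN=constructed-test-ca" -out "$dir/cert.pem" 2>/dev/null
}

# cert_field CERT LABEL: value of the first "LABEL: value" line in the text dump.
cert_field() {
    openssl x509 -in "$1" -noout -text |
        awk -F': *' -v l="$2" 'index($0, l ":") { print $2; exit }'
}

# check_ec_cert CERT CURVE SIGALG
# Succeeds only if the certificate itself names the expected curve
# ("ASN1 OID") and records the expected signature algorithm.
check_ec_cert() {
    local curve sigalg
    curve=$(cert_field "$1" "ASN1 OID")
    sigalg=$(cert_field "$1" "Signature Algorithm")
    echo "curve=$curve sigalg=$sigalg"
    [ "$curve" = "$2" ] && [ "$sigalg" = "$3" ]
}

# Demo: ./script --demo [CURVE]   (defaults to the curve named in the message)
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    make_ec_cert "${2:-sect571k1}" sha512 "$tmp" &&
        check_ec_cert "$tmp/cert.pem" "${2:-sect571k1}" ecdsa-with-SHA512
fi
```

OpenSSL builds compiled without binary-field curve support reject `sect571k1`; pass another curve name such as `prime256v1` as the second argument in that case.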
