On 07/11/2011 05:27 AM, y...@inbox.lv wrote:
> When I searched on it, it seemed that ECDH requires specified named
> curve

You need to specify the curve's name, like this:

    openssl ecparam -name sect571k1

but this should only be done in the parameters generation stage, the generated certificates should contain this information by themselves, so I don't think specifying it to OpenVPN should be needed.

> Also, it seems that ECDSA works only with SHA-1

This has been marked as a bug and it was fixed in the most recent versions of OpenSSL. I've met this issue with OpenSSL 0.9.8x (I don't remember the "x"), this version is indeed the default one for both Debian Squeeze and Ubuntu Natty, so this is quite annoying (I like Debian a lot, but its repos are often too much outdated).

As I've written before, I've manually compiled OpenSSL v1.0.0 and I can read the following for my certificate, as expected:

    openssl x509 -text -in cacert.pem
    ...
    Signature Algorithm: ecdsa-with-SHA512

> I searched about it few weeks
> ago and relevant messages were few months old.

Same problem here :( it seems that if someone managed to solve the problem, he/she didn't bother to write back the solution.

Thanks anyway for the reply, still waiting for further help, I can't believe nobody managed to solve this issue :(

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
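
Added example, not part of the original message: a shell check that a freshly generated EC certificate records its curve name and reports the requested ECDSA digest, using the same `openssl ecparam` and `openssl x509 -text` commands quoted above. The function names, the subject name and the `CURVE` variable are hypothetical, and `-sha512` on `openssl req` is assumed to be honoured by the installed OpenSSL build.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that an EC certificate carries
# its own curve name and the digest that was requested when signing.

# make_ec_cert CURVE DIR: write DIR/key.pem and a self-signed DIR/cert.pem.
make_ec_cert() {
    # The curve is named only here, at parameter/key generation time.
    openssl ecparam -name "$1" -genkey -noout -out "$2/key.pem" 2>/dev/null || return 1
    # Self-sign with SHA-512. The thread reports older builds handling only
    # SHA-1 with ECDSA, which the check below would surface as a mismatch.
    openssl req -new -x509 -sha512 -key "$2/key.pem" \
        -subj "/CN=test-ca.example" -days 1 -out "$2/cert.pem" 2>/dev/null || return 1
}

# cert_curve FILE: print the named curve recorded in the certificate.
cert_curve() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# cert_sigalg FILE: print the certificate's signature algorithm.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# check_ec_cert CURVE EXPECTED_SIGALG: return 0 only if both fields match.
check_ec_cert() {
    tmp=$(mktemp -d) || return 1
    rc=1
    if make_ec_cert "$1" "$tmp"; then
        got_curve=$(cert_curve "$tmp/cert.pem")
        got_alg=$(cert_sigalg "$tmp/cert.pem")
        echo "curve=$got_curve sigalg=$got_alg"
        [ "$got_curve" = "$1" ] && [ "$got_alg" = "$2" ] && rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# Demo with the curve named in the message; set CURVE to try another one.
check_ec_cert "${CURVE:-sect571k1}" ecdsa-with-SHA512 ||
    echo "mismatch, or curve/digest not supported by this OpenSSL build"
```

A mismatch on the signature algorithm with an otherwise valid certificate points at the OpenSSL build used for signing rather than at the certificate consumer.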