Hi,

On 11/12/2013 04:12 PM, Jan Just Keijser wrote:
> correct, although you can currently use EC certs with SHA1 signing -
> just not with SHA2 signing.
> 
> JJK

Which means adding SHA2 hashing is at least a nice addition. I've taken
a quick peek at the code, applied the patches to master (which was not
that hard, considering it's been quite some time since these have been
published) and did some quick tests. The code seems to work, and I'm
planning to take a better look at it later this week. This patch gives
me a nice starting point.

In the meantime the people at PolarSSL have also added an elliptic
curve implementation to their library. I've been working on making
OpenVPN work with PolarSSL 1.3, which seems to at least have brought
support for ECDHE without adding extra logic to OpenVPN. If time permits
I'll also take a look at getting ECDSA working. Patches will follow as
soon as I'm a bit more confident that the code really works.

It would be very nice to get full EC support in OpenVPN! :)

-Steffan
