OpenSSL has a weird way of only reporting EC curves that are implemented
in a certain way in the list of all EC cruves. Note this fact and point
out that also the very important curves X448 and X25519 are affected.
Change-Id: I86641bf60d62a50e9b2719e809d2429d65c00097
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/ssl_openssl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 59bbdfc0a..442ae1871 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2355,8 +2355,10 @@ show_available_tls_ciphers_list(const char *cipher_list,
void
show_available_curves(void)
{
- printf("Consider using openssl 'ecparam -list_curves' as\n"
- "alternative to running this command.\n");
+ printf("Consider using 'openssl ecparam -list_curves' as alternative to
running\n"
+ "this command.\n"
+ "Note this output does only list curves/group that OpenSSL
considers as\n"
+ "builtin EC curves. It does not list additional curves nor X448 or
X25519\n");
#ifndef OPENSSL_NO_EC
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
--
2.39.2 (Apple Git-143)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
