Whats your openssl version? The EC support in openssl is present in recents versions.
El 20/03/14 15:58, Matthew Wild escribió: > Hi Artur, > > Sorry for the delay in replying, I've only just realised I've had this > draft open for nearly 4 days already. > > On 16 March 2014 20:31, Artur Bekasov <artur.beka...@gmail.com> wrote: >> Hello prosody developers, >> >> I've faced a slight problem when trying to use Prosody with SSL. >> >> I have following in the global part of my prosody.cfg.lua: >> >> ssl = { >> key = ".../ssl.key"; >> certificate = ".../ssl.crt"; >> } >> >> >> When I try to start the server, it gives a few lines of this: >> >> SSL/TLS: Error initialising for ...: OpenSSL does not support ECDH >> > >> Of course, I could just enable ECDH, but unfortunately it is not a trivial >> task on my distribution (it's EC2 Amazon Linux) - you need to build it from >> sources with some flag set, which sounds like a potential source of even >> more problems. > > Right, RedHat and derived distributions have it disabled in OpenSSL > over patent fears: https://bugzilla.redhat.com/show_bug.cgi?id=319901 > >> I've tried installing the current master of prosody and got the same >> results. > > I don't see an easy way for us to detect whether OpenSSL supports it > or not (but we've been discussing for a while the need for LuaSec to > be able to report capabilities to us). > >> So what do you think about it, guys? Am I doing something wrong, or this >> should be fixed? I'll be more than happy to fix it myself and pull-request, >> if we agree on how this should be dealt with. I am not very good with all >> that SSL terminology, but is it required to have curve set to something even >> if we don't intend to use ECDH? > > I'm not sure yet what the best solution is, though I lean towards it > being taken care of by packagers. It could for example be allowing you > to set curve = false to remove a dependency on ECDH. This doesn't > currently work, but arguably it should. > > Later on we could make it automatic if LuaSec adds an API for detecting this. > > Regards, > Matthew > -- You received this message because you are subscribed to the Google Groups "prosody-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to prosody-dev+unsubscr...@googlegroups.com. To post to this group, send email to prosody-dev@googlegroups.com. Visit this group at http://groups.google.com/group/prosody-dev. For more options, visit https://groups.google.com/d/optout.