What's your openssl version? The EC support in openssl is present in
recent versions.



On 20/03/14 15:58, Matthew Wild wrote:
> Hi Artur,
> 
> Sorry for the delay in replying, I've only just realised I've had this
> draft open for nearly 4 days already.
> 
> On 16 March 2014 20:31, Artur Bekasov <artur.beka...@gmail.com> wrote:
>> Hello prosody developers,
>>
>> I've faced a slight problem when trying to use Prosody with SSL.
>>
>> I have the following in the global part of my prosody.cfg.lua:
>>
>> ssl = {
>>         key = ".../ssl.key";
>>         certificate = ".../ssl.crt";
>> }
>>
>>
>> When I try to start the server, it gives a few lines of this:
>>
>> SSL/TLS: Error initialising for ...: OpenSSL does not support ECDH
>>
> 
>> Of course, I could just enable ECDH, but unfortunately it is not a trivial
>> task on my distribution (it's EC2 Amazon Linux) - you need to build it from
>> sources with some flag set, which sounds like a potential source of even
>> more problems.
> 
> Right, RedHat and derived distributions have it disabled in OpenSSL
> over patent fears: https://bugzilla.redhat.com/show_bug.cgi?id=319901
> 
>> I've tried installing the current master of prosody and got the same
>> results.
> 
> I don't see an easy way for us to detect whether OpenSSL supports it
> or not (but we've been discussing for a while the need for LuaSec to
> be able to report capabilities to us).
> 
>> So what do you think about it, guys? Am I doing something wrong, or should
>> this be fixed? I'll be more than happy to fix it myself and pull-request,
>> if we agree on how this should be dealt with. I am not very good with all
>> that SSL terminology, but is it required to have curve set to something even
>> if we don't intend to use ECDH?
> 
> I'm not sure yet what the best solution is, though I lean towards it
> being taken care of by packagers. It could for example be allowing you
> to set curve = false to remove a dependency on ECDH. This doesn't
> currently work, but arguably it should.
> 
> Later on we could make it automatic if LuaSec adds an API for detecting this.
> 
> Regards,
> Matthew
> 
