Skip to content

Commit

Permalink
Add warning for the --show-groups command that some groups are missing
Browse files Browse the repository at this point in the history
OpenSSL has a weird way of only reporting EC curves that are implemented
in a certain way in the list of all EC curves. Note this fact and point
out that also the very important curves X448 and X25519 are affected.

Change-Id: I86641bf60d62a50e9b2719e809d2429d65c00097
Acked-by: Frank Lichtenheld <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg27193.html
Signed-off-by: Gert Doering <[email protected]>
  • Loading branch information
schwabe authored and cron2 committed Oct 13, 2023
1 parent 392da5b commit a840d50
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/openvpn/ssl_openssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -2249,8 +2249,10 @@ show_available_tls_ciphers_list(const char *cipher_list,
void
show_available_curves(void)
{
printf("Consider using openssl 'ecparam -list_curves' as\n"
"alternative to running this command.\n");
printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
"this command.\n"
"Note this output does only list curves/groups that OpenSSL considers as\n"
"builtin EC curves. It does not list additional curves nor X448 or X25519\n");
#ifndef OPENSSL_NO_EC
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
Expand Down

0 comments on commit a840d50

Please sign in to comment.