Project

General

Profile

Actions

Feature #2833

closed

Using X25519 Key exchange

Added by codarren almost 7 years ago. Updated over 6 years ago.

Status:
Fixed
Priority:
Normal
Category:
TLS
Target version:
ASK QUESTIONS IN Forums:

Description

I am on lighttpd/1.4.48-devel-lighttpd-1.4.47-1-g6a17133 (ssl) - a light and fast webserver
compiled with openssl dev version 1.1.1
By default, the key exchange algorithm on lighttpd is "prime256v1"

When i do an openssl test on the server, the response is:
Server Temp Key: ECDH, P-256, 256 bits

I tried to specify the ec curve to use in lighttpd.conf:
ssl.ec-curve = "x25519"

I get an error:
lighttpd26839: Starting lighttpd: 2017-10-25 14:30:01: (mod_openssl.c.771) SSL: Unknown curve name x25519

when I tried using :
ssl.ec-curve = "X25519"

I get error: Starting lighttpd: 2017-10-25 14:31:23: (mod_openssl.c.782) SSL: Unable to create curve X25519

Am I doing something wrong? Most websites are using X25519 as key exchange algorithm

Best Regards,
Codarren

Actions #1

Updated by stbuehler almost 7 years ago

  • Status changed from New to Invalid
  • Target version deleted (1.4.48)

lighttpd only forwards the curve name to openssl (namely the OBJ_sn2nid function). openssl ecparam -list_curves might show which curves are supported on your system.

Actions #2

Updated by vimacs over 6 years ago

You can use the following patch. Now OpenSSL enables ECDH and has default curves enabled by default (including X25519), so I think ssl.ec-curves can also be deprecated.

diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index af69068f..4725bfb5 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -834,19 +834,26 @@ network_init_ssl (server *srv, void *p_d)
                 return -1;
             }
         } else {
+      #if OPENSSL_VERSION_NUMBER < 0x10002000
             /* Default curve */
             nid = OBJ_sn2nid("prime256v1");
+      #else
+            nid = 0;
+            SSL_CTX_set_ecdh_auto(ctx, 1);
+      #endif
         }
-        ecdh = EC_KEY_new_by_curve_name(nid);
-        if (ecdh == NULL) {
-            log_error_write(srv, __FILE__, __LINE__, "ss",
-                            "SSL: Unable to create curve",
-                            s->ssl_ec_curve->ptr);
-            return -1;
+        if (nid) {
+            ecdh = EC_KEY_new_by_curve_name(nid);
+            if (ecdh == NULL) {
+                log_error_write(srv, __FILE__, __LINE__, "ss",
+                                "SSL: Unable to create curve",
+                                s->ssl_ec_curve->ptr);
+                return -1;
+            }
+            SSL_CTX_set_tmp_ecdh(s->ssl_ctx,ecdh);
+            SSL_CTX_set_options(s->ssl_ctx,SSL_OP_SINGLE_ECDH_USE);
+            EC_KEY_free(ecdh);
         }
-        SSL_CTX_set_tmp_ecdh(s->ssl_ctx,ecdh);
-        SSL_CTX_set_options(s->ssl_ctx,SSL_OP_SINGLE_ECDH_USE);
-        EC_KEY_free(ecdh);
       #endif
       #endif
Actions #3

Updated by gstrauss over 6 years ago

Thanks for submitting this patch.

A quick read of your patch:

+            SSL_CTX_set_ecdh_auto(ctx, 1);

won't compile since ctx should be s->ssl_ctx

How have you tested this?

+      #if OPENSSL_VERSION_NUMBER < 0x10002000

How did you choose that version? Is it compatible with LibreSSL value for OPENSSL_VERSION_NUMBER?

Actions #4

Updated by gstrauss over 6 years ago

At least on my build of openssl 1.1.0g, openssl/ssl.h contains:

#if OPENSSL_API_COMPAT < 0x10100000L
/* Provide some compatibility macros for removed functionality. */
...
# define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
...
#endif

Please review what should actually be used instead of SSL_CTX_set_ecdh_auto(ctx, 1); to avoid using deprecated functions. If this is needed for versions > x and < y, then please specify those openssl versions.

Actions #5

Updated by gstrauss over 6 years ago

  • Tracker changed from Bug to Feature
  • Status changed from Invalid to Patch Pending
  • Target version set to 1.4.49
Actions #6

Updated by vimacs over 6 years ago

Oh, it's SSL_CTX_set_ecdh_auto(s->ssl_ctx, 1);

In https://github.com/processone/fast_tls/blob/master/c_src/fast_tls.c there is also:

#if OPENSSL_VERSION_NUMBER >= 0x10100000L || OPENSSL_VERSION_NUMBER < 0x10002000
#undef SSL_CTX_set_ecdh_auto
#define SSL_CTX_set_ecdh_auto(A, B) do {} while(0)
#endif
I checked out the OpenSSL code, and found the commits about CCL_{CTX_}set_ecdh_auto():
  • It's added in e46c807e4f4eedb36dec70576d1562f252ff69a1 (0x10002000L 1.0.2-dev)
  • It's removed in fe6ef2472db933f01b59cad82aa925736935984b (0x10100000L 1.1.0-dev)
  • Compat macros are re-added in 2ecb9f2d18614fb7b7b42830a358b7163ed43221 (0x10100007L 1.1.0-pre7-dev)

So to test SSL_CTX_set_ecdh_auto(s->ssl_ctx, 1), we need to test it with OpenSSL 1.0.2 series.

Actions #7

Updated by gstrauss over 6 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions

Also available in: Atom