Feature #2833
closedUsing X25519 Key exchange
Description
I am on lighttpd/1.4.48-devel-lighttpd-1.4.47-1-g6a17133 (ssl) - a light and fast webserver
compiled with openssl dev version 1.1.1
By default, the key exchange algorithm on lighttpd is "prime256v1"
When i do an openssl test on the server, the response is:
Server Temp Key: ECDH, P-256, 256 bits
I tried to specify the ec curve to use in lighttpd.conf:
ssl.ec-curve = "x25519"
I get an error:
lighttpd26839: Starting lighttpd: 2017-10-25 14:30:01: (mod_openssl.c.771) SSL: Unknown curve name x25519
when I tried using :
ssl.ec-curve = "X25519"
I get error: Starting lighttpd: 2017-10-25 14:31:23: (mod_openssl.c.782) SSL: Unable to create curve X25519
Am I doing something wrong? Most websites are using X25519 as key exchange algorithm
Best Regards,
Codarren
Updated by stbuehler about 7 years ago
- Status changed from New to Invalid
- Target version deleted (
1.4.48)
lighttpd only forwards the curve name to openssl (namely the OBJ_sn2nid function). openssl ecparam -list_curves might show which curves are supported on your system.
Updated by vimacs almost 7 years ago
You can use the following patch. Now OpenSSL enables ECDH and has default curves enabled by default (including X25519), so I think ssl.ec-curves can also be deprecated.
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index af69068f..4725bfb5 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -834,19 +834,26 @@ network_init_ssl (server *srv, void *p_d)
return -1;
}
} else {
+ #if OPENSSL_VERSION_NUMBER < 0x10002000
/* Default curve */
nid = OBJ_sn2nid("prime256v1");
+ #else
+ nid = 0;
+ SSL_CTX_set_ecdh_auto(ctx, 1);
+ #endif
}
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL) {
- log_error_write(srv, __FILE__, __LINE__, "ss",
- "SSL: Unable to create curve",
- s->ssl_ec_curve->ptr);
- return -1;
+ if (nid) {
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL) {
+ log_error_write(srv, __FILE__, __LINE__, "ss",
+ "SSL: Unable to create curve",
+ s->ssl_ec_curve->ptr);
+ return -1;
+ }
+ SSL_CTX_set_tmp_ecdh(s->ssl_ctx,ecdh);
+ SSL_CTX_set_options(s->ssl_ctx,SSL_OP_SINGLE_ECDH_USE);
+ EC_KEY_free(ecdh);
}
- SSL_CTX_set_tmp_ecdh(s->ssl_ctx,ecdh);
- SSL_CTX_set_options(s->ssl_ctx,SSL_OP_SINGLE_ECDH_USE);
- EC_KEY_free(ecdh);
#endif
#endif
Updated by gstrauss almost 7 years ago
Thanks for submitting this patch.
A quick read of your patch:
+ SSL_CTX_set_ecdh_auto(ctx, 1);
won't compile since ctx should be s->ssl_ctx
How have you tested this?
+ #if OPENSSL_VERSION_NUMBER < 0x10002000
How did you choose that version? Is it compatible with LibreSSL value for OPENSSL_VERSION_NUMBER?
Updated by gstrauss almost 7 years ago
At least on my build of openssl 1.1.0g, openssl/ssl.h contains:
#if OPENSSL_API_COMPAT < 0x10100000L /* Provide some compatibility macros for removed functionality. */ ... # define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) ... #endif
Please review what should actually be used instead of SSL_CTX_set_ecdh_auto(ctx, 1); to avoid using deprecated functions. If this is needed for versions > x and < y, then please specify those openssl versions.
Updated by gstrauss almost 7 years ago
- Tracker changed from Bug to Feature
- Status changed from Invalid to Patch Pending
- Target version set to 1.4.49
Updated by vimacs almost 7 years ago
Oh, it's SSL_CTX_set_ecdh_auto(s->ssl_ctx, 1);
In https://github.com/processone/fast_tls/blob/master/c_src/fast_tls.c there is also:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || OPENSSL_VERSION_NUMBER < 0x10002000
#undef SSL_CTX_set_ecdh_auto
#define SSL_CTX_set_ecdh_auto(A, B) do {} while(0)
#endif
- It's added in e46c807e4f4eedb36dec70576d1562f252ff69a1 (0x10002000L 1.0.2-dev)
- It's removed in fe6ef2472db933f01b59cad82aa925736935984b (0x10100000L 1.1.0-dev)
- Compat macros are re-added in 2ecb9f2d18614fb7b7b42830a358b7163ed43221 (0x10100007L 1.1.0-pre7-dev)
So to test SSL_CTX_set_ecdh_auto(s->ssl_ctx, 1), we need to test it with OpenSSL 1.0.2 series.
Updated by gstrauss almost 7 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset 76b9b1fa46e82d6bd31b71e69ef0893098f5f6d5.
Also available in: Atom