Project

General

Profile

Bug #2978

parsing fails for multiple curve values with ssl.openssl.ssl-conf-cmd

Added by vfXMUPD24 3 months ago. Updated 3 months ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
TLS
Target version:
-
Start date:
2019-09-01
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

Maybe I am doing something wrong with the syntax, albeit the online documentation is a bit sparse on the subject, or simply expecting something that is not implemented, however settings multiple (more than one) curve value

ssl.openssl.ssl-conf-cmd = ( "Curves" => "X25519, secp384r1" )

fails with:

(mod_openssl.c.748) SSL: SSL_CONF_cmd Curves X25519, secp384r1 : error:1414E180:SSL routines:SSL_CONF_cmd:bad value
(server.c.1240) Initialization of plugins failed. Going down.

Whilst

ssl.ec-curve = "X25519:prime256:secp384r1" 

does not exhibit the issue.

lighttpd - 1.4.54-1.0
lighttpd-https-cert - 5-0.0
lighttpd-mod-alias - 1.4.54-1.0
lighttpd-mod-cgi - 1.4.54-1.0
lighttpd-mod-fastcgi - 1.4.54-1.0
lighttpd-mod-openssl - 1.4.54-1.0
lighttpd-mod-proxy - 1.4.54-1.0
lighttpd-mod-redirect - 1.4.54-1.0
lighttpd-mod-setenv - 1.4.54-1.0
OpenSSL 1.1.1c

History

#1

Updated by stbuehler 3 months ago

  • Status changed from New to Invalid
  • Target version deleted (1.4.x)

The data given in ssl.openssl.ssl-conf-cmd is simply forwarded to openssl.

Read https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html for the correct syntax ("The value argument is a colon separated list of groups.") or just use the already working one you have for ssl.ec-curve.

#2

Updated by vfXMUPD24 3 months ago

thanks for the pointer, perhaps should have been obvious considering the same syntax for ssl.ec-curve

Also available in: Atom