From: Arne Schwabe <a...@rfc2549.org> OpenSSL has a weird way of only reporting EC curves that are implemented in a certain way in the list of all EC curves. Note this fact and point out that also the very important curves X448 and X25519 are affected.
Change-Id: I86641bf60d62a50e9b2719e809d2429d65c00097 Acked-by: Frank Lichtenheld <fr...@lichtenheld.com> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Note: I fixed some typos on-the-fly. See my comments in Gerrit for details. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/366 This mail reflects revision 7 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@lichtenheld.com> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 686ecf7..2b3f4f4 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -2359,8 +2359,10 @@ void show_available_curves(void) { - printf("Consider using openssl 'ecparam -list_curves' as\n" - "alternative to running this command.\n"); + printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n" + "this command.\n" + "Note this output does only list curves/groups that OpenSSL considers as\n" + "builtin EC curves. It does not list additional curves nor X448 or X25519\n"); #ifndef OPENSSL_NO_EC EC_builtin_curve *curves = NULL; size_t crv_len = 0; _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
