On 24/12/2016 14:33, i...@binarus.de wrote:

...

> I had some private communication with a very helpful and experienced
> person in the meantime, and he detailed to me that no Linux
> Distribution (possibly with one exception) uses an OpenSSL version
> which supports X25519. Furthermore, the OpenSSL versions which claim
> to support 25519 seem to be buggy / broken (openssl ecparam -list_curves
> does not show 25519 although it is claimed to be there; tested with
> OpenSSL 1.1.0c yesterday).


I believe this may be because Ed25519 and X25519 use slightly different
operations than the standard curves and thus cannot simply be popped
into the generic functions that handle the NIST, BrainPool etc. curves
with common code for e.g. ECDSA, ECDHE etc.

Because the -list_curves command line option is a wrapper around
functions that map strings to arguments for those generic EC functions,
it doesn't list curves that won't work in that particular context.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
