On 08/13/2011 04:28 AM, Dave Thompson wrote: > Adjacent in the code, 1.0.0 like 0.9.8 allows kECDH*e* only for cert > signed ECDSA+SHA1
Now, this is interesting. I have tried an OpenVPN setup using elliptic curves certificates generated with OpenSSL 1.0.0, and in fact I've found that I couldn't use SHA-256 nor SHA-512. I thought it was an OpenVPN's issue, but then it seems it's not the case. See: https://forums.openvpn.net/topic8404-15.html ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org