Re: [Openvpn-users] ECDH / ECDSA support?
Hi,

On 08/07/16 11:10, David Sommerseth wrote:
> On 08/07/16 00:24, Jan Just Keijser wrote:
>> Hi,
>>
>> On 07/07/16 09:15, Steffan Karger wrote:
>>> Hi Scott,
>>>
>>> On Wed, Jul 6, 2016 at 9:18 PM, Scott Crooks wrote:
>>>> I saw this file in the OpenVPN codebase:
>>>> https://github.com/OpenVPN/openvpn/blob/master/README.ec
>>>>
>>>> Which claims that support for elliptic curve certificates will be enabled in
>>>> OpenVPN 2.4.0. Just wanting to make sure there wasn't another way to enable
>>>> it in version 2.3.10?
>>> Yes, use an mbed TLS build. That will automatically support ECDSA and
>>> ECDH. I *think* (can't test right now) that ECDSA also works fine
>>> with 2.3.10 + modern OpenSSL (1.0.1+, iirc). ECDH might also work
>>> with OpenSSL 1.0.2+.
>>>
>>> But, by far the easiest way is to just use the master branch. It is
>>> quite stable, and has full EC support, for both mbed TLS and OpenSSL.
>>>
>> I concur mostly with Steffan, with a few notes:
>>
>> - with mbed TLS ECDSA works "out of the box"
>> - with OpenSSL, you need a version that supports it; notably, RedHat
>>   strips ALL elliptic curve support from their supplied versions of openssl
> Really? I'm on Scientific Linux 7.2 (RHEL 7.2 clone) ... and I can do this:
>
> $ openssl speed ecdsap521
> Doing 521 bit sign ecdsa's for 10s: 27835 521 bit ECDSA signs in 10.01s
> Doing 521 bit verify ecdsa's for 10s: 5518 521 bit ECDSA verify in 10.00s
> OpenSSL 1.0.1e-fips 11 Feb 2013
> built on: Mon May 9 01:19:53 CDT 2016
> options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
>                               sign    verify    sign/s verify/s
>  521 bit ecdsa (nistp521)   0.0004s   0.0018s   2780.7    551.8
>
> [...]
>
> In addition 'openssl ec' and 'openssl ecparam' work too. And 'openssl
> speed' also provides possibilities to test ecdsap256, ecdsap384, ecdsa,
> ecdhp256, ecdhp384, ecdhp521, ecdh in addition to ecdsap521 in the
> example above.
>
> Or have I misunderstood something? With that said, I don't know how it
> is with EC support on EL6, and I doubt it is available on EL5 releases.

it seems to depend on the RH (or derived) distro: on my fedora 22 box I see
a difference in 'ciphers -V' between the OS version of OpenSSL and a custom
built version:

< 0xC0,0x02 - ECDH-ECDSA-RC4-SHA            SSLv3   Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)    Mac=SHA1
< 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA       SSLv3   Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168)   Mac=SHA1
< 0xC0,0x04 - ECDH-ECDSA-AES128-SHA         SSLv3   Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)    Mac=SHA1
< 0xC0,0x05 - ECDH-ECDSA-AES256-SHA         SSLv3   Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)    Mac=SHA1
54,57d36
< 0xC0,0x0C - ECDH-RSA-RC4-SHA              SSLv3   Kx=ECDH/RSA   Au=ECDH Enc=RC4(128)    Mac=SHA1
< 0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA         SSLv3   Kx=ECDH/RSA   Au=ECDH Enc=3DES(168)   Mac=SHA1
< 0xC0,0x0E - ECDH-RSA-AES128-SHA           SSLv3   Kx=ECDH/RSA   Au=ECDH Enc=AES(128)    Mac=SHA1
< 0xC0,0x0F - ECDH-RSA-AES256-SHA           SSLv3   Kx=ECDH/RSA   Au=ECDH Enc=AES(256)    Mac=SHA1
70,71d42
< 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)    Mac=SHA256
< 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)    Mac=SHA384
74,75d44
< 0xC0,0x29 - ECDH-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH/RSA   Au=ECDH Enc=AES(128)    Mac=SHA256
< 0xC0,0x2A - ECDH-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH/RSA   Au=ECDH Enc=AES(256)    Mac=SHA384
78,79d46
< 0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
< 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
82,83d48
< 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH/RSA   Au=ECDH Enc=AESGCM(128) Mac=AEAD
< 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH/RSA   Au=ECDH Enc=AESGCM(256) Mac=AEAD

but those ciphers *are* present on a CentOS 7.2 box.

My advice remains: check whether your openssl version supports the type of
EC crypto that you desire.

cheers,

JJK

--
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future.
This family event has something for e
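JJK's closing advice, check what your OpenSSL build actually offers, as an added example that is not part of the thread and not OpenVPN or OpenSSL code: a POSIX shell script that reads `openssl ciphers -V` output and counts ephemeral-ECDH suites, static-ECDH suites (the ECDH-ECDSA-* / ECDH-RSA-* lines that are missing from the Fedora build above) and ECDSA-authenticated suites, then runs the same summary against the library on the local host. The sample cipher lines are constructed for the demo, and secp384r1 is an arbitrary curve choice.

```sh
#!/bin/sh
# Added example, not code from the thread or from OpenVPN/OpenSSL: summarise
# the elliptic-curve cipher suites an OpenSSL build offers, using the column
# layout `openssl ciphers -V` prints, e.g.
#   0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
#
# Kx=ECDH        -> ephemeral ECDH (ECDHE); this is what OpenVPN's ecdh-curve configures
# Kx=ECDH/ECDSA  -> static ECDH: the server's share is the certificate key, so no
# Kx=ECDH/RSA       forward secrecy; these are the suites the Fedora build lacks
# Au=ECDSA       -> the peer can authenticate with an ECDSA certificate

# Read `openssl ciphers -V` output on stdin; print one line:
#   ecdhe=<n> static_ecdh=<n> ecdsa_auth=<n>
ec_summary() {
    awk '
        {
            kx = ""; au = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Kx=/) kx = substr($i, 4)
                if ($i ~ /^Au=/) au = substr($i, 4)
            }
            if (substr(kx, 1, 5) == "ECDH/") static_ecdh++
            else if (kx == "ECDH")           ecdhe++
            if (au == "ECDSA")               ecdsa++
        }
        END {
            printf "ecdhe=%d static_ecdh=%d ecdsa_auth=%d\n", ecdhe + 0, static_ecdh + 0, ecdsa + 0
        }'
}

# Constructed sample in the `ciphers -V` layout (not a capture from any host):
# two ECDHE suites, one static-ECDH suite and one finite-field DHE suite.
SAMPLE_CIPHERS='0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH       Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2 Kx=ECDH       Au=RSA   Enc=AESGCM(128) Mac=AEAD
0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH  Enc=AESGCM(128) Mac=AEAD
0x00,0x9E - DHE-RSA-AES128-GCM-SHA256     TLSv1.2 Kx=DH         Au=RSA   Enc=AESGCM(128) Mac=AEAD'

sample_summary() {
    printf '%s\n' "$SAMPLE_CIPHERS" | ec_summary
}

# Same summary for the OpenSSL in PATH, plus a check that a named curve is
# compiled in (secp384r1 is an arbitrary choice here); OpenVPN's ecdh-curve
# option can only name a curve the library knows.
local_summary() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found in PATH" >&2; return 2; }
    openssl version
    openssl ciphers -V 'ALL' | ec_summary
    if openssl ecparam -list_curves | grep -q 'secp384r1'; then
        echo "secp384r1: available"
    else
        echo "secp384r1: missing"
    fi
}

echo "sample: $(sample_summary)"
local_summary || true
```

For the sample the script prints `ecdhe=2 static_ecdh=1 ecdsa_auth=1`. Only the `ecdhe` and `ecdsa_auth` counts matter for an OpenVPN setup with ECDSA certificates; a build that lacks the static ECDH suites, like the Fedora one above, is no loss, since those suites take the key exchange share from the certificate and give no forward secrecy.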
Re: [Openvpn-users] ECDH / ECDSA support?
On 08/07/16 00:24, Jan Just Keijser wrote:
> Hi,
>
> On 07/07/16 09:15, Steffan Karger wrote:
>> Hi Scott,
>>
>> On Wed, Jul 6, 2016 at 9:18 PM, Scott Crooks wrote:
>>> I saw this file in the OpenVPN codebase:
>>> https://github.com/OpenVPN/openvpn/blob/master/README.ec
>>>
>>> Which claims that support for elliptic curve certificates will be enabled in
>>> OpenVPN 2.4.0. Just wanting to make sure there wasn't another way to enable
>>> it in version 2.3.10?
>> Yes, use an mbed TLS build. That will automatically support ECDSA and
>> ECDH. I *think* (can't test right now) that ECDSA also works fine
>> with 2.3.10 + modern OpenSSL (1.0.1+, iirc). ECDH might also work
>> with OpenSSL 1.0.2+.
>>
>> But, by far the easiest way is to just use the master branch. It is
>> quite stable, and has full EC support, for both mbed TLS and OpenSSL.
>>
> I concur mostly with Steffan, with a few notes:
>
> - with mbed TLS ECDSA works "out of the box"
> - with OpenSSL, you need a version that supports it; notably, RedHat
>   strips ALL elliptic curve support from their supplied versions of openssl

Really? I'm on Scientific Linux 7.2 (RHEL 7.2 clone) ... and I can do this:

$ openssl speed ecdsap521
Doing 521 bit sign ecdsa's for 10s: 27835 521 bit ECDSA signs in 10.01s
Doing 521 bit verify ecdsa's for 10s: 5518 521 bit ECDSA verify in 10.00s
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Mon May 9 01:19:53 CDT 2016
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
                              sign    verify    sign/s verify/s
 521 bit ecdsa (nistp521)   0.0004s   0.0018s   2780.7    551.8

$ openssl ciphers | tr : \\n | grep EC
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA

In addition 'openssl ec' and 'openssl ecparam' work too. And 'openssl
speed' also provides possibilities to test ecdsap256, ecdsap384, ecdsa,
ecdhp256, ecdhp384, ecdhp521, ecdh in addition to ecdsap521 in the
example above.

Or have I misunderstood something? With that said, I don't know how it
is with EC support on EL6, and I doubt it is available on EL5 releases.

--
kind regards,

David Sommerseth

___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] ECDH / ECDSA support?
Hi,

On 07/07/16 09:15, Steffan Karger wrote:
> Hi Scott,
>
> On Wed, Jul 6, 2016 at 9:18 PM, Scott Crooks wrote:
>> I saw this file in the OpenVPN codebase:
>> https://github.com/OpenVPN/openvpn/blob/master/README.ec
>>
>> Which claims that support for elliptic curve certificates will be enabled in
>> OpenVPN 2.4.0. Just wanting to make sure there wasn't another way to enable
>> it in version 2.3.10?
> Yes, use an mbed TLS build. That will automatically support ECDSA and
> ECDH. I *think* (can't test right now) that ECDSA also works fine
> with 2.3.10 + modern OpenSSL (1.0.1+, iirc). ECDH might also work
> with OpenSSL 1.0.2+.
>
> But, by far the easiest way is to just use the master branch. It is
> quite stable, and has full EC support, for both mbed TLS and OpenSSL.
>

I concur mostly with Steffan, with a few notes:

- with mbed TLS ECDSA works "out of the box"
- with OpenSSL, you need a version that supports it; notably, RedHat
  strips ALL elliptic curve support from their supplied versions of openssl
- then, in order to use ECDSA certs it is best to run the master branch on
  the server, as you will need to specify an ecdh-curve parameter in order
  to use SHA2+ECDSA.
- for the *client* you can stick with 2.3.10+ as long as the OpenSSL lib
  supports EC.

HTH,

JJK
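The server-side recipe JJK sketches above (an ECDSA certificate plus an ecdh-curve setting), as an added example that is not from the thread or the OpenVPN project: generate an ECDSA key and a self-signed certificate with the openssl CLI, verify that the certificate really is SHA-2 + ECDSA and on the intended curve, and print the OpenVPN server lines that reference it. The curve secp384r1, the CN and the file names are assumptions chosen for illustration; self-signing stands in for the CA a real deployment would use.

```sh
#!/bin/sh
# Added example, not code from the thread or from the OpenVPN project: make
# an ECDSA key and a self-signed certificate, check what was produced, and
# emit the matching server-side OpenVPN options. Curve, CN and file names
# are assumptions for the demo.
set -u

# Generate an EC private key on curve $1 and a self-signed certificate,
# written as $2.key and $2.crt (CN is the basename of $2).
make_ecdsa_cert() {
    curve=$1; prefix=$2
    openssl ecparam -name "$curve" -genkey -noout -out "$prefix.key" || return 1
    openssl req -new -x509 -sha256 -days 30 -subj "/CN=$(basename "$prefix")" \
        -key "$prefix.key" -out "$prefix.crt" || return 1
}

# Print the signature algorithm of a PEM certificate, e.g. ecdsa-with-SHA256.
# A SHA-1 signed cert would show up here as ecdsa-with-SHA1.
cert_sig_alg() {
    openssl x509 -noout -text -in "$1" | awk '/Signature Algorithm:/ { print $3; exit }'
}

# Print the curve of the certificate's public key, e.g. secp384r1.
cert_curve() {
    openssl x509 -noout -text -in "$1" | awk '/ASN1 OID:/ { print $3; exit }'
}

# Server-side OpenVPN lines that pair with the files above. ecdh-curve is the
# option the thread mentions: it names the curve for the ephemeral ECDH key
# exchange (secp384r1 is an arbitrary choice here). ca.crt is assumed to be
# the CA that signed the peers' certificates.
openvpn_server_lines() {
    cat <<EOF
ca   ca.crt
cert $1.crt
key  $1.key
ecdh-curve secp384r1
EOF
}

if command -v openssl >/dev/null 2>&1; then
    dir=$(mktemp -d) && cd "$dir" || exit 1
    make_ecdsa_cert secp384r1 server
    echo "signature: $(cert_sig_alg server.crt)   key curve: $(cert_curve server.crt)"
    openvpn_server_lines server
else
    echo "openssl not found in PATH; nothing generated" >&2
fi
```

Run it on a box whose OpenSSL has EC support and the signature line reads `ecdsa-with-SHA256` with key curve `secp384r1`; on a build without EC support the `ecparam` step fails immediately, which is the quickest way to confirm JJK's point about distro builds before touching the OpenVPN config.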
Re: [Openvpn-users] ECDH / ECDSA support?
Hi Scott,

On Wed, Jul 6, 2016 at 9:18 PM, Scott Crooks wrote:
> I saw this file in the OpenVPN codebase:
> https://github.com/OpenVPN/openvpn/blob/master/README.ec
>
> Which claims that support for elliptic curve certificates will be enabled in
> OpenVPN 2.4.0. Just wanting to make sure there wasn't another way to enable
> it in version 2.3.10?

Yes, use an mbed TLS build. That will automatically support ECDSA and
ECDH. I *think* (can't test right now) that ECDSA also works fine
with 2.3.10 + modern OpenSSL (1.0.1+, iirc). ECDH might also work
with OpenSSL 1.0.2+.

But, by far the easiest way is to just use the master branch. It is
quite stable, and has full EC support, for both mbed TLS and OpenSSL.

-Steffan
[Openvpn-users] ECDH / ECDSA support?
Greetings,

I saw this file in the OpenVPN codebase:
https://github.com/OpenVPN/openvpn/blob/master/README.ec

Which claims that support for elliptic curve certificates will be enabled in
OpenVPN 2.4.0. Just wanting to make sure there wasn't another way to enable
it in version 2.3.10?

--
Scott Crooks (王虎)
LinkedIn: http://www.linkedin.com/in/jshcrooks