[CentOS] Support for ECDSA in OpenSSL?

Robert Moskowitz rgm at htt-consult.com
Fri Apr 25 12:53:27 UTC 2014


On 04/25/2014 08:07 AM, Reindl Harald wrote:
>
> On 25.04.2014 13:57, Robert Moskowitz wrote:
>> Does the version of OpenSSL on CentOS 6.5 support ECDSA keypairs?
>>
>> How do I test if this works?  (though I should probably ask this on the
>> OpenSSL list)
>>
>> The reason I suspect a problem is that HIPL for CentOS
>> (http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity,
>> whereas my Fedora installation IS creating the ECDSA HI.
> the OpenSSL version does (one of the new things in 6.5)
> but sadly OpenSSH was not rebuilt against the new OpenSSL
> so no, currently no ECDSA before RHEL7-Beta1

Harald, I thank you for this insight.  It seems when I hit a truly 
knotty issue you come through with the pointers to get me going in the 
right direction.

This is not OpenSSH, but HIP for Linux.

The HIPL binaries for CentOS were compiled on a 6.5 system with all 
current updates.  Or so the developer told me :)

Is there some switch that is needed?

> here you go for the history
> https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108

Interesting and so sad.  I did a lot of review of drafts for RFC 6090 
with Dr. McGrew; more on style than math ("David, I don't understand 
what you are trying to say here."  ;) ).  Plus look at the errata pages; 
CFRG is talking about issuing a new RFC to include all the errata.

The supposed inside story is that NSA got really upset that their 
licensing of the patents was not getting them COTS products, as sales to 
DoD are a small portion for these vendors.  So Kevin joined David as 
co-author.

This is mission critical.  We can live with RSA for the pilot, but MUST 
be on ECDSA for launch.  Since my day job is a major Red Hat customer, I 
can have someone from that side of the company do a bug submission 
against RH6 to get this addressed.
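
Added example, not part of the original message: one way to answer the "how do I test if this works?" question from the thread is to have the installed `openssl` binary list its curves and then do an ECDSA sign/verify round trip. The function name `check_ecdsa` and the default curve `prime256v1` are assumptions chosen for illustration; curve availability depends on how the package was built, so probe the curve the application actually needs.

```shell
#!/bin/sh
# Added example: probe whether an openssl binary can do ECDSA on a given curve.
# Return status: 0 = key generation, signing and verification all worked
#                1 = curve not compiled in, or an ECDSA step failed
#                2 = openssl binary not found
check_ecdsa() {
    curve="${1:-prime256v1}"   # assumed default; pass the curve you need
    bin="${2:-openssl}"        # optional: path of the openssl binary to probe

    command -v "$bin" >/dev/null 2>&1 || return 2

    # Step 1: is the curve present in this build at all?
    "$bin" ecparam -list_curves 2>/dev/null |
        grep -q "^ *$curve *:" || return 1

    tmp=$(mktemp -d) || return 1
    ecdsa_rc=1
    printf 'constructed test message\n' > "$tmp/msg"

    # Step 2: generate a key pair, sign the message, verify with the public key.
    if "$bin" ecparam -name "$curve" -genkey -noout \
            -out "$tmp/key.pem" 2>/dev/null &&
       "$bin" ec -in "$tmp/key.pem" -pubout \
            -out "$tmp/pub.pem" 2>/dev/null &&
       "$bin" dgst -sha256 -sign "$tmp/key.pem" \
            -out "$tmp/sig" "$tmp/msg" 2>/dev/null &&
       "$bin" dgst -sha256 -verify "$tmp/pub.pem" \
            -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1
    then
        ecdsa_rc=0
    fi

    rm -rf "$tmp"    # the throwaway private key must not be left behind
    return $ecdsa_rc
}
```

A result of 0 only shows that the `openssl` command-line tool and its library support the curve; an application linked against a different library copy, or built with EC disabled, can still fail to create ECDSA keys.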



