Closed alanik99 closed 1 year ago
Current version of libnetconf2 does not support this private key algorithm but we are working on a new version that should. However, it will not be released anytime soon.
Ok, thank you!
Btw, could you tell me if secp192r1, secp224r1, secp256r1 algorithms are supported?
At least I tried secp224r1 - it doesn't connect, handshake failure; in logs:
netopeer2-server: [ERR]: LN: SSL_accept failed (no shared cipher)
But I tried secp384r1 and secp521r1 algorithms - they work well (connection is established)
> Btw, could you tell me if secp192r1, secp224r1, secp256r1 algorithms are supported?

I do not know many details, it is left up to OpenSSL. The error seems to indicate that the server/client does not accept the shorter key variants because of security, probably. Neither our server nor the CLI supports explicit configuration of the accepted key algorithms, which is probably what would be required for the keys to be accepted.
Ok
I'd also like to know about an error netopeer2-server: [ERR]: LN: SSL_accept timeout.
when using an rsa15360 server private key.
It takes a really long time to connect when using it.
Is it also because of openssl?
Probably, I have never used such a long key and it is all handled internally by OpenSSL anyway, so I cannot tell you anything more about this.
ok, thank you
Hello!
When trying to connect via TLS to a server which has an x25519 private key, in the logs I see
Unknown private key algorithm "x25519"
In netopeer2 sources (https://github.com/CESNET/netopeer2/blob/master/src/netconf_server.c#L53):
So, netopeer doesn't support server private keys besides "rsa" and "secp".
But the x25519 and x448 algorithms are present in ietf-crypto-types.yang:
And as I tested, sysrepocfg accepts them without errors when I change <algorithm> in the ietf-keystore module.
Is it a bug?
-- Regards, Alexander