angristan
commented
6 years ago Good catch. secp256r1 is in fact prime256v1. secp256k1 is a Koblitz curve,
Closed kimberct closed 6 years ago
angristan
commented
6 years ago Good catch. secp256r1 is in fact prime256v1. secp256k1 is a Koblitz curve,
angristan
commented
6 years ago FTR:
using curve name prime256v1 instead of secp256r1Failed to use supplied curve (UNDEF), using secp384r1 instead.angristan
commented
6 years ago 
iProdigy
commented
6 years ago @Angristan I'd rather recommend k1 as it's less likely to be botched by the NSA
angristan
commented
6 years ago NSA is not this script's threat model.
iProdigy
commented
6 years ago Understood. Would you be open to adding the k1 option to this script (I don't mind making the PR)?
angristan
commented
6 years ago I will do some tests.
iProdigy
commented
5 years ago Also wanted to note that: if there does, in fact, exist some vulnerability in P-256, it has the potential to be stolen from the NSA, putting many users at risk when there are alternative ciphers with more sensible parameters.
angristan
commented
5 years ago Let's talk again when there is, in fact, a vulnerability in P-256. :)
iProdigy
commented
5 years ago Hah, alright - it's not implausible given the Dual_EC_DRBG fiasco and strange parameter choice.
angristan
commented
5 years ago Elliptic Curves are kind of a mess... ^^
iProdigy
commented
5 years ago yeah, I'd much rather prefer Curve25519 or Ed448-Goldilocks but they require openssl 1.1.1 (which clients are unlikely to have updated to yet)...
iProdigy
commented
5 years ago We should keep an eye on this ticket: https://community.openvpn.net/openvpn/ticket/1116
Curve labeled secp256r1 needs to be secp256k1. At least on 2.4.6.
Nice job on the script. Really glad to see the 2.4-update branch pulled in.