Closed kimberct closed 6 years ago
Good catch. secp256r1
is in fact prime256v1
. secp256k1
is a Koblitz curve,
FTR:
using curve name prime256v1 instead of secp256r1
Failed to use supplied curve (UNDEF), using secp384r1 instead.
@Angristan I'd rather recommend k1 as it's less likely to be botched by the NSA
NSA is not this script's threat model.
Understood. Would you be open to adding the k1 option to this script (I don't mind making the PR)?
I will do some tests.
Also wanted to note that: if there does, in fact, exist some vulnerability in P-256, it has the potential to be stolen from the NSA, putting many users at risk when there are alternative ciphers with more sensible parameters.
Let's talk again when there is, in fact, a vulnerability in P-256. :)
Hah, alright - it's not implausible given the Dual_EC_DRBG fiasco and strange parameter choice.
Elliptic Curves are kind of a mess... ^^
yeah, I'd much rather prefer Curve25519 or Ed448-Goldilocks but they require openssl 1.1.1 (which clients are unlikely to have updated to yet)...
We should keep an eye on this ticket: https://community.openvpn.net/openvpn/ticket/1116
Curve labeled secp256r1 needs to be secp256k1. At least on 2.4.6.
Nice job on the script. Really glad to see the 2.4-update branch pulled in.