ECDSA and SHA256 certificates

Scripts to manage certificates or generate config files

Moderators: TinCanTech

randolf
OpenVpn Newbie
Posts: 1
Joined: Fri Apr 01, 2016 3:43 pm

ECDSA and SHA256 certificates

Post by randolf » Fri Apr 01, 2016 3:56 pm

I tried to set up a VPN with ECDSA and SHA256 certificates on Debian with the most recent OpenVPN version from its repositories (v.2.3.4). It didn't work.

I did a bit of googling and found out that the combination of ECDSA and SHA256 apparently isn't supported in OpenVPN 2.3.x. According to ONE post I found, it was supposed to be working with the current git version. That post was from 2014. I checked out the repo and built the thing. It still doesn't work.

Now, I'm asking myself whether that post was lying, or if I'm doing it wrong. Do ECDSA with SHA256 certificates work with the current git tree (as of April 2016)? If not, what about SHA384 or SHA512? All the posts only mention ECDSA not working with SHA256 but don't mention SHA384 or SHA512. What other (secure) hash algorithms can be used with ECDSA?

It's been hard to come by what little information I've managed to gather about this subject. It would seem ECC isn't very popular with OpenVPN at the moment. I'd be thankful if someone could help me out.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: ECDSA and SHA256 certificates

Post by Traffic » Fri Apr 01, 2016 4:21 pm

randolf wrote: Do ECDSA with SHA256 certificates work with
Not sure .. there is not much documentation about this probably because it is so closely tied to openssl .. trial and error .. if you post some clear details (openvpn config files .. vars file from easyrsa) I will see what I can do ..

Also, you may find this useful:
https://community.openvpn.net/openvpn/w ... twareRepos
