ECDSA and SHA256 certificates
Posted: Fri Apr 01, 2016 3:56 pm
I tried to setup a VPN with ECDSA and SHA256 certificates on Debian with the most recent OpenVPN version from it's repositories (v.2.3.4). It didn't work.
I did a bit of googling and found out, that the combination of ECDSA and SHA256 apparently isn't supported in OpenVPN 2.3.x. According to ONE post I found, it was supposed to be working with the current git version. That post was from 2014. I checked out the repo and built the thing. It still doesn't work.
Now, I'm asking myself whether that post was lying, or if I'm doing it wrong. Do ECDSA with SHA256 certificates work with the current git tree (as of April 2016)? If not, what about SHA384 or SHA 512? All the posts only mention ECDSA not working with SHA256 but don't mention SHA384 or SHA512. What other (secure) hash algorithms can be used with ECDSA?
It's been hard to come by what little information I've managed to gather about this subject. It would seem, ECC isn't very popular with OpenVPN at the moment. I'd be thankful if someone could help me out.
I did a bit of googling and found out, that the combination of ECDSA and SHA256 apparently isn't supported in OpenVPN 2.3.x. According to ONE post I found, it was supposed to be working with the current git version. That post was from 2014. I checked out the repo and built the thing. It still doesn't work.
Now, I'm asking myself whether that post was lying, or if I'm doing it wrong. Do ECDSA with SHA256 certificates work with the current git tree (as of April 2016)? If not, what about SHA384 or SHA 512? All the posts only mention ECDSA not working with SHA256 but don't mention SHA384 or SHA512. What other (secure) hash algorithms can be used with ECDSA?
It's been hard to come by what little information I've managed to gather about this subject. It would seem, ECC isn't very popular with OpenVPN at the moment. I'd be thankful if someone could help me out.