Is ED25519 on DTLS supported?
Rafael Ferrer
eureka6676 at gmail.com
Sun Nov 17 01:43:15 UTC 2019
It's DTLS-OK according to IANA.
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
I tested ED25519 certificates on TLS 1.2 and it worked fine.
openssl s_server -port 4321 -cert server-cert.pem -key server-key.pem
-CAfile client-cert.pem -tls1_2 -sigalgs ed25519
openssl s_client -bind localhost:1234 -connect localhost:4321 -cert
client-cert.pem -key client-key.pem -CAfile server-cert.pem -tls1_2
-sigalgs ed25519
But I get a "no shared cipher" error (on the server) if I just replace
-tls1_2 with -dtls1_2 on those two commands.
The certs and keys are self-signed for both the server and client and where
generated by this command.
openssl req -x509 -newkey ed25519 -subj "/CN=localhost" -nodes -addext
keyUsage=digitalSignature -keyout key.pem -out cert.pem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191117/e9bf2abd/attachment.html>
More information about the openssl-users
mailing list