libssl: support for ed25519 server certificates

Question

libssl: support for ed25519 server certificates

MelznerDSA opened this issue a year ago · 6 comments

As written in the release notes of version 3.7.0, the support of Ed25519 was added.

However I tried out the command line tool s_client of that version and I don't see in Wireshark that the client offers that algorithm.
Do I need to use some special parameter for the client to activate that?

Answer 1 · 2023-03-08T16:59:34.000Z

We added support for the cryptographic primitive in libcrypto. Support for the signature algorithm has not yet been added to libssl. It is very easy to do for TLSv1.3 (I have a diff for that somewhere), but it needed a bit more thought for TLSv1.2 (which is the old implementation). I cannot guarantee that this will make the 3.7-stable release.

Answer 2 · 2023-03-08T17:15:40.000Z

Ok, thanks

Answer 3 · 2023-03-17T09:34:19.000Z

Is there a way to speed this port up?
We tryied a workaround but it didn't solve the issue.
Is there a release dated scheduled?

Answer 4 · 2023-03-17T09:51:28.000Z

Is there a way to speed this port up?

Not really. It is definitely too late for new features in this release cycle - the OpenBSD tree is almost locked for new features. It will have to wait for LibreSSL 3.8.

We tryied a workaround but it didn't solve the issue.

I'm not sure I follow. The initial question was why Ed25519 is not offered in the handshake. What's missing is some code to support the signature algorithm in libssl. This requires changes in how some signatures are calculated since Ed25519 works differently from the other, currently supported, sigalgs. This isn't difficult to do, but it needs to be done and, more importantly, tested before the release artifacts are built.

Is there a release dated scheduled?

Stable releases are usually around May 1 and November 1, sometimes a bit earlier.

Answer 5 · 2023-03-18T16:04:24.000Z

We tryied a workaround but it didn't solve the issue.

What exactly are you trying to workaround?

Answer 6 · 2023-03-20T12:24:10.000Z

A customer had a server certificate with ED25519. I disabled the server certificate check itself in the client (tls_config_insecure_noverifycert) as a workaround to get at least a connection, but the handshake still failed. Probably because of the ephemeral key.