Allow Elliptic Curve Cryptography (ECC) certificate #5509
Comments
What about OpenLDAP? Even if it does not implement TLS policy by now, did you check if it works with an ECC?

will check for ECC and Ldap
@DavidePrincipi How can I build the rpm nethserver-mail again with Travis? The build failed :'(

Testing cases
install from testing
Test that there are no regressions and no errors in templates (check logs) by changing the tls-policy. You can check what ciphers are allowed by checking the testssl.sh page.
Services to test with testssl.sh and the 20180330 tls policy
testssl.sh should give back the list of cipher, you are looking for
The last and ultimate test is to upload an ECC certificate and check that you can use these services.

I cannot upload an ECC certificate from Server Manager UI :( To generate the certificate I ran these commands on a Fedora 28:
origin: https://msol.io/blog/tech/create-a-self-signed-ecc-certificate/

Shall we add DSA support too?

not much hints, I do not know

Other commands for QA:
The

* Check if the TLS policy is compatible
* Move inline manual to docs
NethServer/dev#5509

TLS policy 20180621 for slapd NethServer/dev#5509

Test case
See also #5509 (comment)

done https://wiki.nethserver.org/doku.php?id=testing_tls_ssl_encryption

VERIFICATION
Proposed verified

Pushed translations to Transifex

Packages released

Steps to reproduce
With CentOS 7.5 and the TLS policy 20180330, the use of ECC certificates is not allowed by our SSL policy: the ciphers are not allowed. We have to add:
This page will explain better what cipher to use for ECC (we do not want SSLv3)
Expected behavior
No error, if needed we have to allow ECC certificate by a new tls policy (TLS-20180621)
Actual behavior
not allowed
Components
we have to patch these services
hight
in opportunistic mode)
KexAlgorithms curve25519-sha256@libssh.org
See also
the older issue in GH : #5438
and the discourse forum: https://community.nethserver.org/t/default-tls-policy-doesnt-allow-connections-with-ecc-certificate/9952
thanks danb35
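
An added example, not part of the original issue or NethServer's code: one way to check whether an OpenSSL cipher string enables any ECDSA-authenticated suite, which a service needs in order to present an ECC certificate over TLS 1.2 and earlier. The two cipher strings are constructed samples, not the 20180330 or 20180621 policies, and the function names are hypothetical.

```python
import ssl

# Constructed sample cipher strings (assumption): they are NOT the NethServer
# 20180330 or 20180621 policies, which are not reproduced on this page.
RSA_ONLY = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
WITH_ECDSA = "ECDHE-ECDSA-AES128-GCM-SHA256:" + RSA_ONLY


def suites_by_auth(cipher_string):
    """Group the suites enabled by an OpenSSL cipher string by the
    certificate key type they authenticate with (auth-rsa, auth-ecdsa, ...)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    groups = {}
    for cipher in ctx.get_ciphers():
        # TLS 1.3 suites are not governed by set_ciphers() and report
        # "auth-any"; skip them so only the policy string is evaluated.
        if cipher["auth"] == "auth-any":
            continue
        groups.setdefault(cipher["auth"], []).append(cipher["name"])
    return groups


def accepts_ecc_certificate(cipher_string):
    """True if at least one enabled suite authenticates with an ECDSA key."""
    return bool(suites_by_auth(cipher_string).get("auth-ecdsa"))


if __name__ == "__main__":
    for label, policy in (("RSA only", RSA_ONLY), ("with ECDSA", WITH_ECDSA)):
        verdict = "usable" if accepts_ecc_certificate(policy) else "NOT usable"
        print(f"{label}: ECC certificate {verdict}")
        for auth, names in sorted(suites_by_auth(policy).items()):
            print(f"  {auth}: {', '.join(names)}")
```

The result reflects the OpenSSL build that Python is linked against, so run it on the host whose policy is being checked.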