Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't manually setup EC curves with x25519 #277

O2Graphics opened this issue Feb 2, 2017 · 2 comments


Copy link

@O2Graphics O2Graphics commented Feb 2, 2017


Using nginx 1.11.9 with LibreSSL 2.5.1 on FreeBSD, I can't manually setup the EC curves including x25519.

In nginx, if I don't setup "ssl_ecdh_curve" at all, the server is reporting: "x25519, secp256r1, secp384r1" (correct behavior, like mentionned in LibreSSL 2.5.1 changelog).

If I setup: ssl_ecdh_curve secp521r1:secp384r1:secp256k1:prime256v1:secp224r1;
the server correctly report: "secp521r1, secp384r1, secp256k1, secp256r1, secp224r1" (that's correct too)

But if I setup: ssl_ecdh_curve x25519:secp521r1:secp384r1:secp256k1:prime256v1:secp224r1;
or any combination of curves including "x25519", nginx throws this error:
nginx: [emerg] SSL_CTX_set1_curves_list("x25519:secp521r1:secp384r1:secp256k1:prime256v1:secp224r1") failed (SSL:)

Also, running this command: /usr/local/bin/openssl ecparam -list_curves, I don't see any mention of x25519, I guess it should be present like all others curves, right?

This binary is the last version of LibreSSL:
# /usr/local/bin/openssl version
LibreSSL 2.5.1

Best Regards.


This comment has been minimized.

Copy link

@O2Graphics O2Graphics commented Feb 3, 2017

Well, after checking the sources, I found out we need to use "X25519", not "x25519".

Not sure if /usr/local/bin/openssl ecparam -list_curves should list X25519 somewhere or can this issue be closed?


This comment has been minimized.

Copy link

@4a6f656c 4a6f656c commented Feb 3, 2017

Correct - it is named X25519, not x25519 (and unfortunately capitalisation matters here). FWIW openssl s_client -groups x25519' would have also failed, as does openssl s_client -groups Prime256v1'.

X25519 will not appear in `openssl ecparam -list_curves' - it is not a regular EC curve (Curve25519 is specifically designed as a Diffie-Hellman function) and in addition to this, there is currently no EVP implementation for it in LibreSSL (largely due to the fact that it does not fit the "standard" EC implementation).

@4a6f656c 4a6f656c closed this Feb 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.