Author Topic: Proftpd not recognizing X25519 curve  (Read 130 times)

Offline xelneon

  • New user
  • *
  • Posts: 12
    • View Profile
Proftpd not recognizing X25519 curve
« on: July 13, 2017, 01:23:35 am »
Hello,

I've compiled Proftpd 1.3.6 against OpenSSL 1.1.0f and set X25519 as the ECDH curve, but it gives this error:

fatal: TLSECDHCurve: unable to create 'X25519' EC curve: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group on line 45 of '/opt/proftpd/etc/proftpd.conf'

Other software such as nginx is able to handle this, so maybe there's a better option to handle this in the OpenSSL API? Also, the TLSECDHCurve option only seems to allow one curve to be listed(?). It would be nice if you could specify a list of curves; other software such as nginx allows this and even has it in server-preferred order.

Thanks

Offline castaglia

  • Administrator
  • Support Hero
  • *****
  • Posts: 5394
    • View Profile
    • http://www.castaglia.org/
Re: Proftpd not recognizing X25519 curve
« Reply #1 on: July 13, 2017, 03:32:18 am »
By default, OpenSSL has a builtin set of supported curves, including X25519; configuring that curve explicitly may not work as you'd expect, and *not* configuring it explicitly might work as you'd want.  See, for example:

  https://github.com/openssl/openssl/issues/2188

Offline xelneon

Re: Proftpd not recognizing X25519 curve
« Reply #2 on: July 13, 2017, 08:27:55 am »
Interesting, thanks for that link. So, is there no way to specify multiple curves in the proftpd configuration? By default, there's a builtin set of curves, as you said, but I don't want them all enabled, only a select few.

Offline castaglia

Re: Proftpd not recognizing X25519 curve
« Reply #3 on: July 13, 2017, 03:02:08 pm »
Currently the TLSECDHCurve directive only takes a single curve name; you could open a ticket on GitHub to enhance that directive to support a list of curves; I could probably get that fixed/done later tonight.

Offline castaglia

Re: Proftpd not recognizing X25519 curve
« Reply #4 on: July 14, 2017, 02:09:58 am »
For future readers of this post, see:

   https://github.com/proftpd/proftpd/issues/534