Centos6 x86_64

Guus Sliepen guus at tinc-vpn.org
Wed Mar 19 19:37:24 CET 2014


On Wed, Mar 19, 2014 at 09:58:16AM -0600, Andrew Burns wrote:

> On Wed, Mar 19, 2014 at 9:34 AM, perry <perry at couprie.net> wrote:
> 
> > I just tried to generate keys for tinc.
> >
> > /usr/sbin/tinc generate-keys
> >
> > When generating the keys, the RSA keys are generated.
> > But I get the following error; what does it mean?
> >
> > Generating ECDSA keypair:
> > Generating EC key failed: error:100AE081:elliptic curve
> > routines:EC_GROUP_new_by_curve_name:unknown groupError during key
> > generation!
> 
> Sounds like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1022468
> 
> OpenSSL shipped in RHEL-6.5 supports only two curves, ones specified in Suite B.
> It does advertise support for all of the upstream ones in Client Hello
> message in elliptic_curves extension.

Indeed. It is very unfortunate that Red Hat arbitrarily disables some features
in their OpenSSL packages. You could try to recompile OpenSSL yourself; it is
not that hard, but perhaps not something you want to do.

Note that by the time tinc tries to generate your keys, it has already set up
most of the configuration files. Tinc 1.1pre10 can also run without ECDSA keys;
it just does not enable the new protocol then.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
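
The "unknown group" error above comes from asking OpenSSL for a named curve that the installed build does not provide. As an added example (not part of the original message and not tinc's own code), this script parses the output of `openssl ecparam -list_curves` and reports which required curves are missing. The function names and the two sample listings are constructed for illustration, and `secp521r1` as the curve tinc requests is an assumption.

```shell
#!/bin/sh
# Added example: check an OpenSSL build for named-curve support.

# Constructed sample: a build limited to the two Suite B curves.
RHEL65_SAMPLE='  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field'

# Constructed sample: excerpt of an unrestricted build, including an
# entry whose description wraps onto continuation lines.
UPSTREAM_SAMPLE='  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  Oakley-EC2N-3:
        IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
        Not suitable for ECDSA.'

# Read `openssl ecparam -list_curves` output on stdin and print one
# curve name per line; continuation lines carry no "name:" prefix.
list_curve_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]\{1,\}\)[[:space:]]*:.*$/\1/p'
}

# Exit 0 if curve $1 appears in the listing on stdin (exact match).
curve_supported() {
    list_curve_names | grep -Fxq -- "$1"
}

# $1 = raw listing, remaining args = required curves.
# Prints the missing curve names, space separated (empty if none).
missing_curves() {
    raw=$1; shift
    missing=""
    for c in "$@"; do
        printf '%s\n' "$raw" | curve_supported "$c" || missing="$missing $c"
    done
    printf '%s' "${missing# }"
}

# Check the local build, if an openssl binary is installed.
if command -v openssl >/dev/null 2>&1; then
    local_list=$(openssl ecparam -list_curves 2>/dev/null || true)
    m=$(missing_curves "$local_list" secp521r1)   # assumed tinc curve
    if [ -z "$m" ]; then
        echo "local OpenSSL provides the requested curve(s)"
    else
        echo "local OpenSSL lacks: $m"
    fi
fi
```
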