[tech] LibreSSL and ed25519 (Re: [users] Announcing Gemini Discovery at gemini://discovery.geminiprotocol.com/)

Katarina Eriksson gmym at coopdot.com
Tue Mar 16 16:07:32 GMT 2021


On Tuesday, March 16, 2021 11:40 AM, Stephane Bortzmeyer <stephane at sources.org> wrote:

> On Tue, Mar 16, 2021 at 11:30:14AM +0100,
> Omar Polo op at omarpolo.com wrote
> a message of 44 lines which said:
>
> > not a tls expert, but I think my issues are caused by the ed25519 key.
> > I recall reading something that libressl doesn't support those keys yet
>
> If so, this is certainly a serious problem with LibreSSL. RFC 8410,
> which added these keys in certificates, is already 2.5 years old.
>
> According to Lupa
> gemini://gemini.bortzmeyer.org/software/lupa/stats.gmi, 8 capsules
> use this type of key. Can you connect to them:

There are a bunch of "no shared cipher" in the log, so I guess we'll have to switch to ECDSA then. I thought ED25519 would be more widespread in capsules by now, that's what I get for forgetting valuable tools such as Lupa exist.

LibreSSL should have support for ED25519 since this commit:

https://github.com/openbsd/src/commit/0ad90c3e6b15b9b6b8463a8a0f87d70c83a07ef4

--
Katarina
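
Added example (not part of the original message or of any project mentioned in it): a small Python check that reads the algorithm OID from a DER SubjectPublicKeyInfo to tell whether a key is Ed25519 (RFC 8410) or an EC key as used for ECDSA, the two options discussed in this thread. The function names and the sample keys are constructed for illustration.

```python
# Constructed sample keys; key bytes are dummy fillers, not real keys.
ED25519_OID = "1.3.101.112"            # id-Ed25519 (RFC 8410)
EC_PUBLIC_KEY_OID = "1.2.840.10045.2.1"  # id-ecPublicKey, used by ECDSA keys

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted-decimal form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:                    # base-128, high bit = "more bytes follow"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]                      # first two arcs share one value
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def spki_key_type(spki):
    """Classify a DER SubjectPublicKeyInfo as 'ed25519', 'ecdsa' or 'other:<oid>'."""
    tag, spki_body, _ = read_tlv(spki)
    alg_tag, alg_body, _ = read_tlv(spki_body)   # AlgorithmIdentifier
    oid_tag, oid_body, _ = read_tlv(alg_body)    # algorithm OID
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a SubjectPublicKeyInfo")
    oid = decode_oid(oid_body)
    return {ED25519_OID: "ed25519", EC_PUBLIC_KEY_OID: "ecdsa"}.get(oid, "other:" + oid)

SAMPLE_ED25519 = bytes.fromhex("302a300506032b6570032100") + bytes(32)
SAMPLE_P256 = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + bytes(64)

if __name__ == "__main__":
    for name, key in (("ed25519", SAMPLE_ED25519), ("p256", SAMPLE_P256)):
        print(name, "->", spki_key_type(key))
```

A DER SubjectPublicKeyInfo for a certificate in `cert.pem` (assumed file name) can be produced with `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER`.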