#50010 Support ECDSA private keys for TLS
Opened a year ago by firstyear. Modified 9 months ago

Issue Description

Support ECDSA private keys. This is both:

  • Pure ECDSA
  • Mixed RSA + ECDSA support

How this looks today is unknown. However, it doesn't work given:

/opt/dirsrv/sbin/ns-slapd -d 0 -D /opt/dirsrv/etc/dirsrv/slapd-localhost 
Assertion failure: ((*privkey)->keyType) == rsaKey, at /home/william/development/389ds/ds/ldap/servers/slapd/ssl.c:2893
[1]    12717 abort      /opt/dirsrv/sbin/ns-slapd -d 0 -D /opt/dirsrv/etc/dirsrv/slapd-localhost

This is important as it blocks us from using strong, future-proof cryptographic mechanisms in TLS.

This may be of interest to @mhonek.

Important would be the establishment of an ECDSA type in the nss_ssl.py module so we can test this properly and programmatically.

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue set to the milestone: 1.4.1

11 months ago

@mhonek We've just had a request for this in #50160, so it would be great if you could look into this soon! Thanks,

Metadata Update from @mhonek:
- Issue assigned to mhonek

11 months ago

Metadata Update from @mhonek:
- Issue tagged with: RFE, Security

9 months ago
