TLS 1.2 with X25519 certificate


Weather Guy

Apr 20, 2022, 10:32:33 PM
Here is the big picture: I have a locally generated CA with RSA key pair. Then, another certificate (RSA key pair) signed by the local CA -- I'll call it the server certificate. There's also a certificate with P-256 EC key pair (also signed by the local CA) -- the client certificate.

With openssl s_server and s_client I can get a TLS 1.2 connection with verification options on the connection. So far so good.

Now, there's another EC key pair (X25519) and associated certificate signed by the same local CA (with RSA signature). Note: I had to use the -force_pubkey to generate this certificate. The problem is, openssl s_client refuses to use this certificate in making a TLS 1.2 connection.

I'm sure I haven't given enough info here, so ask for more, but what gives? Why doesn't this work, and can it be made to work?
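The certificate setup described in the post, reproduced as an added example (not the poster's own commands), together with a check of one property relevant to the question: an X25519 key is a key-agreement key and cannot produce signatures, which is what a client normally does with its certificate key in the TLS 1.2 CertificateVerify message. File names, subject names, key sizes and the throwaway P-256 key used to sign the CSR are assumptions made for the example.

```shell
#!/bin/sh
# Added example: all keys, names and files are constructed throwaway values.
# Needs the openssl command line tool (1.1.0 or later for X25519).

# Build an RSA CA and an X25519 certificate signed by it, in directory $1.
make_x25519_cert() {
    d=$1
    # Local CA with an RSA key pair, self-signed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Local CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # X25519 key pair and its public half.
    openssl genpkey -algorithm X25519 -out "$d/x25519.key" 2>/dev/null || return 1
    openssl pkey -in "$d/x25519.key" -pubout -out "$d/x25519.pub" || return 1
    # A CSR carries a self-signature, so it is made with a throwaway P-256 key ...
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/tmp.key" || return 1
    openssl req -new -key "$d/tmp.key" -subj "/CN=example-x25519" -out "$d/x.csr" || return 1
    # ... and -force_pubkey puts the X25519 public key into the issued certificate.
    openssl x509 -req -in "$d/x.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -force_pubkey "$d/x25519.pub" \
        -out "$d/x25519.pem" 2>/dev/null || return 1
}

# Print the "Public Key Algorithm" line of certificate $1.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text | grep 'Public Key Algorithm'
}

# Succeed only if private key $1 can produce a signature over a 32-byte input.
can_sign() {
    printf '0123456789abcdef0123456789abcdef' > "$1.msg"
    openssl pkeyutl -sign -inkey "$1" -in "$1.msg" -out "$1.sig" 2>/dev/null
}

# Demo run in a scratch directory.
d=$(mktemp -d) && make_x25519_cert "$d" && cert_key_alg "$d/x25519.pem"
can_sign "$d/tmp.key" && echo "P-256 key: can sign"
can_sign "$d/x25519.key" || echo "X25519 key: cannot sign"
rm -rf "$d"
```

The certificate itself verifies against the CA because the CA's RSA key made that signature; only the X25519 subject key is unable to sign.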