View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005262 | unreal | ircd | public | 2019-05-03 19:58 | 2019-11-20 17:27 |
| Reporter | k4be | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Product Version | 4.2.3 | ||||
| Summary | 0005262: Problem starting the ircd: "Failed to apply ecdh-curves" | ||||
| Description | A warning appears on every attempt to start: [warning] Failed to apply ecdh-curves 'secp521r1:secp384r1:prime256v1'. To get a list of supported curves with the appropriate names, run 'openssl ecparam -list_curves' on the server. Separate multiple curves by colon, for example: ecdh-curves "secp521r1:secp384r1". This causes the boot to fail if there are any SSL listen blocks. The command "openssl ecparam -list_curves" says there is no "ecparam" subcommand. Specifying any single set:ssl:ecdh-curves value of the three above does not work too. | ||||
| Additional Information | Version strings: UnrealIRCd-4.2.3. test2.pirc.pl :Fhin6OoEM3 [Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l=4203] OpenSSL 1.0.2o 27 Mar 2018 PCRE2 10.32 2018-09-10 uname -a: Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l ARMv7 Processor rev 5 (v7l) Allwinner sun8i Family GNU/Linux System: Gentoo Base System release 2.4.1 | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Hmm... I just tried this on Ubuntu 16 with OpenSSL 1.0.2g. It works out of the box. I am indeed wondering if your architecture has anything to do with it (armv7l), if maybe openssl does not have certain functionality for such archs.... would be odd, though. If it really is an openssl issue - which it seems - then I doubt it will interest them, since 1.0.2 will only receive security fixes until it is EOL by Dec 31 2019. :( |
|
|
Workaround, in case anyone else has the same problem: 1. Run ./Config first 2. Then open include/setup.h 3. Change this line: #define HAS_SSL_CTX_SET1_CURVES_LIST /**/ To: #undef HAS_SSL_CTX_SET1_CURVES_LIST /**/ 4. Now run 'make' and 'make install' |
|
|
I think this one can be closed since it seems to apply to some old OpenSSL that will be unsupported 6 weeks from now. Thanks for the report though, glad it isn't any bigger than this specific type of system and old openssl. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-05-03 19:58 | k4be | New Issue | |
| 2019-05-03 20:05 | syzop | Note Added: 0020621 | |
| 2019-05-03 20:07 | syzop | Note Added: 0020622 | |
| 2019-11-20 17:27 | syzop | Assigned To | => syzop |
| 2019-11-20 17:27 | syzop | Status | new => closed |
| 2019-11-20 17:27 | syzop | Resolution | open => no change required |
| 2019-11-20 17:27 | syzop | Note Added: 0021113 |
