View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005262unrealircdpublic2019-05-03 19:582019-05-03 20:07
Reporterk4beAssigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version4.2.3 
Target VersionFixed in Version 
Summary0005262: Problem starting the ircd: "Failed to apply ecdh-curves"
DescriptionA warning appears on every attempt to start:
[warning] Failed to apply ecdh-curves 'secp521r1:secp384r1:prime256v1'. To get a list of supported curves with the appropriate names, run 'openssl ecparam -list_curves' on the server. Separate multiple curves by colon, for example: ecdh-curves "secp521r1:secp384r1".
This causes the boot to fail if there are any SSL listen blocks.

The command "openssl ecparam -list_curves" says there is no "ecparam" subcommand.

Specifying any single set:ssl:ecdh-curves value of the three above does not work too.
Additional InformationVersion strings:
UnrealIRCd-4.2.3. test2.pirc.pl :Fhin6OoEM3 [Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l=4203]
OpenSSL 1.0.2o 27 Mar 2018
PCRE2 10.32 2018-09-10

uname -a:
Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l ARMv7 Processor rev 5 (v7l) Allwinner sun8i Family GNU/Linux

System:
Gentoo Base System release 2.4.1
TagsNo tags attached.
3rd party modules

Activities

syzop

2019-05-03 20:05

administrator   ~0020621

Hmm... I just tried this on Ubuntu 16 with OpenSSL 1.0.2g. It works out of the box.

I am indeed wondering if your architecture has anything to do with it (armv7l), if maybe openssl does not have certain functionality for such archs.... would be odd, though.
If it really is an openssl issue - which it seems - then I doubt it will interest them, since 1.0.2 will only receive security fixes until it is EOL by Dec 31 2019.
:(

syzop

2019-05-03 20:07

administrator   ~0020622

Workaround, in case anyone else has the same problem:
1. Run ./Config first
2. Then open include/setup.h
3. Change this line:
#define HAS_SSL_CTX_SET1_CURVES_LIST /**/
To:
#undef HAS_SSL_CTX_SET1_CURVES_LIST /**/
4. Now run 'make' and 'make install'

Issue History

Date Modified Username Field Change
2019-05-03 19:58 k4be New Issue
2019-05-03 20:05 syzop Note Added: 0020621
2019-05-03 20:07 syzop Note Added: 0020622