View Issue Details

IDProjectCategoryView StatusLast Update
0005262unrealircdpublic2019-11-20 17:27
Reporterk4be Assigned Tosyzop  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Product Version4.2.3 
Summary0005262: Problem starting the ircd: "Failed to apply ecdh-curves"
DescriptionA warning appears on every attempt to start:
[warning] Failed to apply ecdh-curves 'secp521r1:secp384r1:prime256v1'. To get a list of supported curves with the appropriate names, run 'openssl ecparam -list_curves' on the server. Separate multiple curves by colon, for example: ecdh-curves "secp521r1:secp384r1".
This causes the boot to fail if there are any SSL listen blocks.

The command "openssl ecparam -list_curves" says there is no "ecparam" subcommand.

Specifying any single set:ssl:ecdh-curves value of the three above does not work too.
Additional InformationVersion strings:
UnrealIRCd-4.2.3. test2.pirc.pl :Fhin6OoEM3 [Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l=4203]
OpenSSL 1.0.2o 27 Mar 2018
PCRE2 10.32 2018-09-10

uname -a:
Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l ARMv7 Processor rev 5 (v7l) Allwinner sun8i Family GNU/Linux

System:
Gentoo Base System release 2.4.1
TagsNo tags attached.
3rd party modules

Activities

syzop

2019-05-03 20:05

administrator   ~0020621

Hmm... I just tried this on Ubuntu 16 with OpenSSL 1.0.2g. It works out of the box.

I am indeed wondering if your architecture has anything to do with it (armv7l), if maybe openssl does not have certain functionality for such archs.... would be odd, though.
If it really is an openssl issue - which it seems - then I doubt it will interest them, since 1.0.2 will only receive security fixes until it is EOL by Dec 31 2019.
:(

syzop

2019-05-03 20:07

administrator   ~0020622

Workaround, in case anyone else has the same problem:
1. Run ./Config first
2. Then open include/setup.h
3. Change this line:
#define HAS_SSL_CTX_SET1_CURVES_LIST /**/
To:
#undef HAS_SSL_CTX_SET1_CURVES_LIST /**/
4. Now run 'make' and 'make install'

syzop

2019-11-20 17:27

administrator   ~0021113

I think this one can be closed since it seems to apply to some old OpenSSL that will be unsupported 6 weeks from now.
Thanks for the report though, glad it isn't any bigger than this specific type of system and old openssl.

Issue History

Date Modified Username Field Change
2019-05-03 19:58 k4be New Issue
2019-05-03 20:05 syzop Note Added: 0020621
2019-05-03 20:07 syzop Note Added: 0020622
2019-11-20 17:27 syzop Assigned To => syzop
2019-11-20 17:27 syzop Status new => closed
2019-11-20 17:27 syzop Resolution open => no change required
2019-11-20 17:27 syzop Note Added: 0021113