View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005262||unreal||ircd||public||2019-05-03 19:58||2019-05-03 20:07|
|Target Version||Fixed in Version|
|Summary||0005262: Problem starting the ircd: "Failed to apply ecdh-curves"|
|Description||A warning appears on every attempt to start:|
[warning] Failed to apply ecdh-curves 'secp521r1:secp384r1:prime256v1'. To get a list of supported curves with the appropriate names, run 'openssl ecparam -list_curves' on the server. Separate multiple curves by colon, for example: ecdh-curves "secp521r1:secp384r1".
This causes the boot to fail if there are any SSL listen blocks.
The command "openssl ecparam -list_curves" says there is no "ecparam" subcommand.
Specifying any single set:ssl:ecdh-curves value of the three above does not work too.
|Additional Information||Version strings:|
UnrealIRCd-4.2.3. test2.pirc.pl :Fhin6OoEM3 [Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l=4203]
OpenSSL 1.0.2o 27 Mar 2018
PCRE2 10.32 2018-09-10
Linux armata 5.0.11-k4be #2 SMP Fri May 3 13:06:17 CEST 2019 armv7l ARMv7 Processor rev 5 (v7l) Allwinner sun8i Family GNU/Linux
Gentoo Base System release 2.4.1
|Tags||No tags attached.|
|3rd party modules|
Hmm... I just tried this on Ubuntu 16 with OpenSSL 1.0.2g. It works out of the box.
I am indeed wondering if your architecture has anything to do with it (armv7l), if maybe openssl does not have certain functionality for such archs.... would be odd, though.
If it really is an openssl issue - which it seems - then I doubt it will interest them, since 1.0.2 will only receive security fixes until it is EOL by Dec 31 2019.
Workaround, in case anyone else has the same problem:
1. Run ./Config first
2. Then open include/setup.h
3. Change this line:
#define HAS_SSL_CTX_SET1_CURVES_LIST /**/
#undef HAS_SSL_CTX_SET1_CURVES_LIST /**/
4. Now run 'make' and 'make install'