TLS certificate sizes in Geminispace

Jason McBrayer jmcbray at carcosa.net

Fri Jun 26 16:15:39 BST 2020

- - - - - - - - - - - - - - - - - - - 

Felix Queißner <felix at masterq32.de> writes:

Unfortunately, I can't access cozylabs.eu using the `openssl s_client` tool,
or actually any gemini browser, including AV-98: the error there is "ERROR:
[SSL: UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS] unable to find public key
parameters (_ssl.c:1108)".
This makes me think it's an error with the server, as opposed to the ED25519
key; I'd love to try another server with this type of certificate for testing.
Using Kristall works and it's blazingly fast, seems to be a correct
server configuration

Works fine in elpher, too. It actually works for me in AV-98 and openssl s_client, though, so this may be dependent on OpenSSL version? I have openssl-1.1.1g installed, but I understand there are lots of systems out there still on 1.0.x.

(Note: this is a big reason why it's hard to do the "limit to TLS 1.3 or 1.2 with good cyphers": the wide use of ancient OpenSSL versions. It's also why Germinal doesn't actually forbid TLS 1.1 connections: the method for doing so has changed between OpenSSL 1.0 and 1.1, and the library I'm using doesn't support the 1.1 method.)

-- 
+-----------------------------------------------------------+
| Jason F. McBrayer                    jmcbray at carcosa.net |
| A flower falls, even though we love it; and a weed grows, |
| even though we do not love it.                   -- Dogen |
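Added example, not part of the original message and not Germinal's code: the two ways of refusing TLS 1.1 that the note above alludes to, shown through Python's `ssl` module (the module behind the AV-98 error quoted earlier). OpenSSL 1.0.x only offers per-protocol `SSL_OP_NO_*` option flags, while 1.1.0 added a minimum protocol version setting; the function names `make_server_context`, `rejects_below_tls12` and `describe_build` are made up for this sketch.

```python
import ssl


def make_server_context():
    """Return (context, method) for a server context with a TLS 1.2 floor.

    method is "min_proto_version" when the linked OpenSSL exposes the
    1.1.0-style setting, or "op_no_flags" for the 1.0.x-style fallback.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if hasattr(ctx, "minimum_version"):
        # OpenSSL >= 1.1.0g: one setting, maps to SSL_CTX_set_min_proto_version.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        return ctx, "min_proto_version"
    # Older OpenSSL: each unwanted protocol has to be switched off by flag.
    ctx.options |= (ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
                    | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1)
    return ctx, "op_no_flags"


def rejects_below_tls12(ctx):
    """Check the floor on a context, whichever method configured it."""
    if hasattr(ctx, "minimum_version"):
        if ctx.minimum_version >= ssl.TLSVersion.TLSv1_2:
            return True
    needed = ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
    return (ctx.options & needed) == needed


def describe_build():
    """Report what the linked OpenSSL supports; useful when comparing hosts."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "has_tls13": ssl.HAS_TLSv1_3,
        "has_min_version_api": hasattr(
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER), "minimum_version"),
    }


if __name__ == "__main__":
    context, how = make_server_context()
    print(describe_build())
    print("floor set via", how, "- enforced:", rejects_below_tls12(context))
```

A server that has to run against both library generations needs both branches, which is the portability cost the note describes.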