The new SFCB broker fails to start with a SSL-related error: Failure setting ECDH curve name (secp22

# openssl ecparam -list_curves
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field

The problem is that sfcbd's default secp224r1 ECDH curve is not currently enabled in openssl on Fedora (there's already request to enable it, see rhbz#1067697).

This can be workarounded by setting "sslEcDhCurveName: secp384r1" in "/etc/sfcb/sfcb.cfg".

I will change the default curve to "secp384r1" temporarily to make the package work right after installation.

 

https://bugzilla.redhat.com/show_bug.cgi?id=1097794

 

注意 OpenSSL的版本,旧一些的版本没有ecparam

posted on 2019-01-23 16:57  liujx2019  阅读(201)  评论(0编辑  收藏  举报

导航