openssl: UnsupportedAlgorithm: X25519 is not supported by this version of OpenSSL.
root@orangepiplus2e:/etc/ld.so.conf.d# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
I got the latest version of openssl:
wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1b.tar.gz
unarchive it and configure:
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
then:
make && make test && make install
fixed links in OS and checked version:
openssl version -a
OpenSSL 1.1.1b 26 Feb 2019
built on: Sat Apr 27 14:42:16 2019 UTC
platform: linux-armv4
options: bn(64,32) rc4(char) des(long) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -march=armv7-a -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific
and after that I exec the app (yowsup request):
...
File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/primitives/asymmetric/x25519.py", line 42, in generate
_Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
cryptography.exceptions.UnsupportedAlgorithm: X25519 is not supported by this version of OpenSSL.
I wrote about it to the yowsup developer; he says to upgrade openssl to version 1.1.0+. I upgraded it, but it does not work. Maybe I made a mistake in the configure process? Can anybody help me please?
About this issue
- State: closed
- Created 5 years ago
- Comments: 24 (12 by maintainers)
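The traceback above comes from the Python cryptography package, which uses the OpenSSL library it was built and linked against, not the `openssl` binary on the PATH, so a check from inside the interpreter shows which version is really in use. This is an added example, not code from the thread, yowsup or cryptography; the helper names are hypothetical, the 1.1.0 threshold is the one quoted in the post, and the sample version strings are constructed.

```python
"""Show which OpenSSL this Python interpreter is actually linked against."""
import re
import ssl

# Minimum OpenSSL version named in the thread for X25519 ("1.1.0+").
MIN_X25519 = (1, 1, 0)


def parse_openssl_version(text):
    """Return (major, minor, fix) from e.g. 'OpenSSL 1.1.1b  26 Feb 2019'."""
    match = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError("not an OpenSSL version string: %r" % (text,))
    return tuple(int(part) for part in match.groups())


def meets_x25519_minimum(text):
    """True when the version string is at or above the 1.1.0 threshold."""
    return parse_openssl_version(text) >= MIN_X25519


def report():
    """Collect the OpenSSL versions visible from inside this process."""
    found = {"ssl module": ssl.OPENSSL_VERSION}
    try:
        from cryptography.hazmat.backends.openssl.backend import backend
    except ImportError:
        found["cryptography"] = None  # package not installed
    else:
        # Version of the library the binding was linked against.
        found["cryptography"] = backend.openssl_version_text()
        found["cryptography x25519"] = backend.x25519_supported()
    return found


if __name__ == "__main__":
    for name, value in sorted(report().items()):
        print("%-22s %s" % (name, value))
    # Constructed samples: a pre-1.1.0 string and the version line from the post.
    for sample in ("OpenSSL 1.0.2g  1 Mar 2016", "OpenSSL 1.1.1b  26 Feb 2019"):
        print("%-30s meets 1.1.0+: %s" % (sample, meets_x25519_minimum(sample)))
```

If the `cryptography` line reports a version below 1.1.0 while `openssl version` prints 1.1.1b, the package has to be rebuilt or reinstalled against the new library before X25519 becomes available.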
@nick2525 I would recommend opening a separate issue: they are not the same problem, as ed25519 is not a key exchange algorithm but just deals with signatures.
In the new issue you might also want to include more details about what you are trying to do exactly when the error occurs.
As a sidenote, it seems very likely that this is an issue in the python binding rather than in OpenSSL, so you might consider opening an issue in that project to receive the best support for your problem!
I suspect set_ecdh_curve is a hold over from earlier versions of OpenSSL. There’s a bit of history here. OpenSSL 1.0.0 introduced ECDH support and you had to call SSL_CTX_set_tmp_ecdh() in order to enable it by specifying a single ECDH curve. OpenSSL 1.0.2 additionally introduced SSL_CTX_set_ecdh_auto() which you still had to call explicitly but you didn’t have to specify a single ECDH curve - it used a built in default set. OpenSSL 1.1.0 made SSL_CTX_set_ecdh_auto() a no-op (deprecating it at the same time), and “auto” ecdh config was enabled by default. Probably SSL_CTX_set_tmp_ecdh() should have been deprecated at the same time - but this has only relatively recently occurred (will be the case for 3.0).
In the meantime X25519/X448 support has also been added (which is strictly speaking not ECDH and can’t be controlled by the legacy SSL_CTX_set_tmp_ecdh() function). The new method of configuring these things (if you don’t want the default) is to use SSL_CTX_set1_groups().
Most applications don’t need to worry about this stuff. They just get the default set of supported groups without calling anything specific (and that includes X25519).
It’s possible that python defaults to some specific ECDH curve using the old functions if you don’t call set_ecdh_curve explicitly - which is why you get this problem. If it doesn’t then it could be that a fix is as simple as removing the call to set_ecdh_curve to go back to getting the OpenSSL defaults. If not, and if there is no way to call SSL_CTX_set1_groups() then the python bindings will need to be changed in order to enable this in some way.