Can't get any EC (elliptic curve) certificates to work with Chrome/FF

Hi,

First time poster, beginner at TrueNAS administration, moderate experience in other relevant stuff. Don't bite my head off if I write something stupid, please.

Tried searching for relevant issues, found no answers. Another thread asked a very similar question, didn't get any replies.

I am trying to create my own CA and certificates within the TrueNAS UI, and dabbling with the elliptic curve (EC) options ('coz why not). My problem is that I haven't been able to get any of the curves working; always getting an ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chrome) or SSL_ERROR_NO_CYPHER_OVERLAP (FF) or similar error. I've tried an EC CA (various curves, SHA256 and SHA384; not exhaustive but quite a lot of combinations) -> EC Certificate with similar variations. No success at all, so I am wondering if it is even possible to do?

TrueNAS offers the following EC curves: BrainpoolP{512, 384, 256}R1, SECP256K1, ed25519.
Chrome, for example, seems to support the following (as per SSLLabs report): x25519, secp256r1, secp384r1

My knowledge of EC encryption is limited, but it seems that none of these overlap, e.g. ed25519 isn't x25519 (see stack exchange thread). It is somewhat confusing that there are curves, ECDH, ECDSA protocols etc. with similar naming.

Long story short, has anyone any recommendation what settings work, or how to troubleshoot further? Any help would be appreciated.

Btw, this isn't about browsers warning about self-signed certificates. I am well aware how to handle those issues.
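
As an added example (not part of the original post and not TrueNAS code): a stdlib-only Python check that reads the key algorithm or named curve out of a certificate's DER SubjectPublicKeyInfo and tests it against the browser list quoted in the post. The SPKI inputs are constructed with placeholder key bytes; `BROWSER_LIST` and all function names are assumptions of this example.

```python
OID_NAMES = {  # added example; standard OIDs for the key types in the post
    "1.2.840.10045.3.1.7": "secp256r1", "1.3.132.0.34": "secp384r1",
    "1.3.132.0.10": "secp256k1", "1.3.101.112": "ed25519",
    "1.3.36.3.3.2.8.1.1.7": "brainpoolP256r1",
    "1.3.36.3.3.2.8.1.1.11": "brainpoolP384r1",
    "1.3.36.3.3.2.8.1.1.13": "brainpoolP512r1"}
BROWSER_LIST = {"x25519", "secp256r1", "secp384r1"}  # list quoted in the post
EC_PUBLIC_KEY = "1.2.840.10045.2.1"  # id-ecPublicKey; curve OID follows it

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    arcs, n = [], 0
    for b in value:  # base-128 sub-identifiers, high bit = continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    first = min(arcs[0] // 40, 2)  # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spki_key_type(spki):
    """Return (name, in_browser_list) for a DER SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki, 0)       # SubjectPublicKeyInfo SEQUENCE
    tag2, alg, _ = read_tlv(body, 0)       # AlgorithmIdentifier SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, oid, pos = read_tlv(alg, 0)
    if decode_oid(oid) == EC_PUBLIC_KEY:   # EC: named curve is the parameter
        ptag, oid, _ = read_tlv(alg, pos)
        if ptag != 0x06:
            raise ValueError("EC parameters are not a named curve")
    name = OID_NAMES.get(decode_oid(oid), decode_oid(oid))
    return name, name in BROWSER_LIST

def sample_spki(oids_hex, key_len):
    """Constructed input: SPKI with all-zero placeholder key (short lengths)."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    alg = der(0x30, b"".join(der(0x06, bytes.fromhex(h)) for h in oids_hex))
    return der(0x30, alg + der(0x03, b"\x00" + bytes(key_len)))

if __name__ == "__main__":
    for oids, n in ((["2a8648ce3d0201", "2b8104000a"], 65), (["2b6570"], 32)):
        print(spki_key_type(sample_spki(oids, n)))
```

For a real certificate, the DER SubjectPublicKeyInfo can be produced with `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER` and passed to `spki_key_type` as bytes.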
 