Feature #14762
open
Support X25519 and X448 public key algorithms in certificates
0%
Description
Currently there is no support for certificates using X25519 and X448 public keys. Importing certificates with such keys from an external source doesn't always work either (e.g. such certs will not be listed for use by OpenSSL)
These algorithms are treated a bit differently than others in OpenSSL, since in some ways they get treated like EC but in others they do not. The algorithms are listed in openssl list -public-key-algorithms and openssl list -public-key-methods, but they aren't listed in any of the PHP OpenSSL functions or docs I've seen. For example they are not listed among the allowed key cipher constants or key types.
Related issues
Updated by Jim Pingle 5 months ago
- Has duplicate Feature #15059: openvpn server ed25519 certificate added
Updated by Jim Pingle 5 months ago
See also: https://forum.netgate.com/post/1124620
Updated by Jernej Simončič 9 days ago
This looks like a regression – I've got some OpenVPN servers that are set up with ed25519 certificates, which pfSense won't let me edit any more because it doesn't let me select those certificates (if I try editing one of these configurations, the certificate drop-down is set to ===== Server certificates =====).