1

I'm setting up a client TLS CA for authenticating requests over the internet to an AWS API Gateway endpoint. It supports TLS 1.2 but not TLS 1.3, at least from what I can tell.

Is there a minimum version of TLS 1.2 for support of Ed25519 certificates?

Improve this question
1
  • <clinton> it depends what you mean by 'support' </> Using an EE cert containing an Ed25519 key, and thus Ed25519 signature(s) in the protocol, requires 1.2 with the option/update cited by banjaxed, or 1.3 as initially published. Using such a signature higher in the cert chain (only) can work on any protocol version -- although an implementation so out of date it doesn't support at least 1.2 is very unlikely to support EdDSA in certs. Commented May 1, 2024 at 2:03

1 Answer 1

Reset to default
2

RFC 8422 is "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier". It defines the use of EdDSA curves (25519 and 448) in Diffie-Hellman and digital signature operations.

The IANA registries for TLS Supported Groups and TLS SignatureAlgorithm have been updated to reflect RFC 8422.

I created a simple PKI with ed25519 keys throughout (using OpenSSL 3.2), configured an MQTT server (Mosquitto 2.0.18) for mutual auth, and then used the OpenSSL s_client command to simulate a client.

I can force the TLS version using openssl s_client -tls1_2 or openssl s_client -tls1_3. Both work fine, and Wireshark confirms the TLS version is as expected.

So in theory it works, but I have also tried 2 different MQTT clients and I can't get either to work!

Improve this answer
1
  • Actually 8422 (for 1.2) and 8446 (for 1.3) uses the Montgomery 'X' form of the curves for keyagreement and the Edwards form for signature, both per rfc7748. Commented May 1, 2024 at 2:03

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.