ECDSA curves for private key
which private key ECDSA curves does acme handle or is it down to the OpenSSL library of the system?
As we can only select 256-bit or 284-bit ECDSA there's no choice about which curve is selected. With Buypass for example this fails as neither option seems to select the secpXXXr1 or primeXXXv1 curves that are necessary.
Would be appreciated if we could select secp256r1 and secp384r1 specifically (and/or brainpool for that matter) :)
Looks like it's hardcoded in acme.sh:
if [ "$length" = "256" ]; then eccname="prime256v1" fi if [ "$length" = "384" ]; then eccname="secp384r1" fi if [ "$length" = "521" ]; then eccname="secp521r1" fi
Strange that a test cert with Buypass explicitly mentioned not being in the supported 'prime256 ' after creating a 256bit curve setting then
I have to test again it seems!